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The idea: 

Turn surfboards into art 


Serena Mitnik-Miller and Mason St. Peter of 
custom surfboard collective Two Birds Fly 
are living proof that when you're passionate 
about an idea, and you free it, beautiful 
things happen. Whether they're managing 
orders or creating promotional materials, 
working in a trusted productivity suite helps 
them take care of business and make sure 
their big idea takes flight. 
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Transcend platforms and free your ideas 
with Microsoft* Office for Mac 2011. 
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• Full scale hypervisor solution with bare metal architecture 

• Hardware-ready (or seamless Integration into existing IT infrastructures 

• Built-in VM and multiple server management and maintenance tools 

• Point and click migration of VM's between physical servers 


“Our district has already 
saved more than $50,000 
because Parallels Server 
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We anticipate more savings 
as well." 

—Richard Bowler 
Director of Technology 
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For business or for home, Parallels is the #1 choice of 
customers worldwide* 




To learn more, visit www.parallels.com/desktop today. 
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My Mac does do Windows. 


Parallels Desktop 8 6 for Mac. 
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* New! Get full control of your virtual machine with our all-new 
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* New! Take advantage of all of the capabilities of your 64-bit Mac 
and enjoy our fastest virtual machine performance yet 
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From the Editor ■ 


■ fs WWDC time, and at this point, since the event has sold out, you’re either attending or not. Of course, you 
m should be attending because conferences are for you. Really. Developers, this is a no-brainer: there’s so much 
■ to learn, particularly tills year with a new OS release on the horizon. iOS developers, you’re not excluded, 
either. IT people: if this year’s WWDC didn’t interest you, you’re a bit lost, Whaaaa? 

IT staff have one of the toughest jobs: know everything. No one asks developers to set up a network. No 
one asks developers to manage a fleet of hundreds of machines. No one asks a developer to reset a user account 
or correct permissions on a home directory. But that—and more—is IT You might think the £ and more’ part is 
setting up printers or training users. Sure, that’s a part of it. My issue is that the 'and more' needs to include 
development. Again: whaaaa? 

When (me person needs to configure their machine For VPN access, you can walk them through it over the 
phone or visit them. When 1,000 machines need to be configured for VPN access, you had better figure out a 
way to automate the task. This involves some amount of development time. When you'd like to trigger actions 
that take place for your fleet of machines when they come onto your corporate LAN, that’s going to take some 
development time. If you’d like to ease the use of setting some machine preferences with the use of a custom 
Preference Pane, that’s going to take some development time. IT people, you need to be developers, too. 

Now, IT people don’t need to master every facet of development. You don’t need to be Mark Dalrymple or 
Aaron Hillegass, But a modicum of Ruby? A smidge of Python? Basic Objective-C? Yes! Understanding basic 
development will *a!so* help you understand crash logs and aid you generally when Things Go Wrong, If you’re 
still afraid of a shell prompt, get over it: Mac OS X has been out for eleven years —there’s just no excuse any 
longer. 

No matter your discipline, conferences are for you because that’s where you meet the people that are dealing 
with this technology every day. The Mac community has the gift of many, many conferences. If you’re a web 
developer, there are HTML and Rails conferences. If you’re a Mac developer, there is WWDC, of course, but also 
many independent conferences through the year, including MacTecb Conference. IT people seemingly have less 
choices, however, that’s a fallacy. IT people should be attending IT conferences along with developer 
conferences. Not only do you have something to learn there, but you also have something to offer: a technical 
user of the developer’s products. How you deploy products to end-users is a worthwhile conversation to have 
with a developer. That’s along with the resources used on a machine, or bandwidth used by an application: 
these are all things that developers assume are OK until they hear it from someone actually in the trenches. 
MacTech Conference offers developer and IT tracks, along with time for all disciplines to meet. 

This month’s cover story introduces Cappuccino, a familiar way for Objective-C developers to create web 
sites, instead, using Objective-J. Think about creating web pages visually with Interface Builder making 
connections, but coding in Objective-J (for JavaScript). It’s very, very cool, and you can let Johannes Fahrenkrug 
get you started. 

This month's Mac in the Shell rounds out a way for Sys Admins to create a GUI-based app that makes it 
easy for end-users to collect specific logs and compress them for your use. 

First-time MacTech author Gary Larizza eases you into the power of crankd, an automation tool that can 
perform tasks based on system events. Crankd, by the way, is a perfect example of Lhe Sys Ad min/developer 
benefit. As a part of the PyMacAdmin suite of tools, crankd is a Python-based application created by Sys Admins, 
for Sys Admins. 

These, and all of articles in this month’s issue showcase the awesome Mac community from nearly every 
angle. Speaking of showcasing the community, the MacTech Spotlight each month focuses on one member of 
this community, This month, we hear from Justin Williams who is owner/lead developer/crew chief of Second 
Gear Software. Second Gear makes some clever, focused applications (for both Mac OS X and iOS), Check out 
thus month's MacTech Spotlight for some advice from Justin. 

If you’re at WWDC, please, contact us and say hello! (That’s @niarczak or @mactech on Twitter). If not, find 
your conference! (and let us know what it is!) 

Ed Marczak, 

Executive Editor 
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Mac in the Shell 

by Edward Marczak 


Ruby and the GUI 

Adding a real Cocoa GUI 
to a MacRuby application 

V 


Additionally, don't forget that MacRuby is a separate install As 
of tliis writing, version 0.10 (zero-dot-ten) is current, and can be 
downloaded from http://macruby.org. Installing die downloaded 
package will install the MacRuby framework, examples and Xcode 
templates for MacRuby development. 

The Beginning 

Before writing any code or creating a user interface, we need 
to create a new project in Xcode. Launch Xcode and you’ll see an 
introduction screen. Double-dick on “Create a new Xcode project’ 1 
from the choices on die left (see Figure 1), 

Create a new Xcode project 

Start building a new Mac. iPhone or IPad 
application from one of the included templates 



Introduction 


Figure 1 - Create a new project. 


The last few columas have been all about Ruby From the very 
basics of die Ruby language to the coupling of Cocoa with 
MacRuby we've covered it. This month, we’ll use Xcode to create 
a full Cocoa application. Xcode will let us create both the code and 
the GUT and connect them together. If vouVe never used Xcode 
ixffore, don’t be scared off. Ifs really painless, and the article will 
be a visual guide. 

The Project 

The project itself will lie a log collector. Oftentimes, an end 
user will have an issue and you just want them to gather up all of 
their logs and send them to you. This application will help you widi 
that by defining a list of log files you’d like put on a disk image 
(,dmg File), which will lie stored on a user’s desktop, making it easy 
to retrieve. 

Like other projects in this series, the application will work, but 
be less than perfect; we’ll improve it as we go along and in future 
articles. The most important thing to illustrate is how Xcode allows 
the GUI and tire Ruby code to interact. 

To get started, you'll need a Macintosh with Xcode, I'm using 
Xcode 4 in this article, although you should be able to translate it 
to Xcode 3 Frankly Xcode 4 shows die direction Apple is moving 
in and as a developer, you need to keep up with. Also, Xcode 4— 
while fine for our example—is less than perfect, and in those cases, 
bugs need to be reported to Apple. There's no better way to be a 
model digital citizen than finding and reporting bugs. Find a bug? 
Report it at http://bugreporter.Qpple.com. 

If you already have Xcode 4 (and it’s installed), great. If you 
need it, either you’re part of the developer program and can just 
download it from http://devebper.apple.comj or, you can purchase 
it for $4,99 from the Mac App Store, In either case, it’s a 4GB+ 
download, so plan for that time and a roughly 10-minute install. 


Once chosen, you’re immediately asked to “Choose a template for 
your new f project.” If you’ve installed the latest MacRuby release 
properly you'll see a choice for “MacRuby Application” (see Figure 
2). Choose “MacRuby Application” and click the 'Next' button. 


O1005.B a template for your new project: 


■, Mk05 X 

Ffurewart & t.burv 
Aral'CiHorr fluff 

ftwwm FluS"* 

otntr 



* 

V 

Apple Script 
Application 



| MacRuby Application 

TTii letr-uui* thridi a Oatta- bum appKiWMi » 


Pfpt'PUS I Mutt 


Figure 2 Template selection. 


Once you've chosen hie template, Xcode has some more questions 
for you. Figure 3 shows this dialog, along with the values you 
should enter for this project. Feel free to enter a different value for 
“Company Identifier,” of course. 
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DOES YOUR APP ONLY SPEAK ENGLISH? 

Go Global and Localize with 







Terminal 


a:~ itunesS sh localize_with_tethras.sh myApp.xcodeproj 

Mon May 10 09:10:05 Starting upload of 

myApp.xcodeproj to tethras.com 

Mon May 10 09:10:55 English.Iproj directory 

successfully uploaded 

Mon May 10 09:12:13 6 files / 630 words processed 

Mon May 10 09:14:13 Pseudo-translated files written 
to /Developer/myApp/pseudo.Iproj 
Mon May 10 09:14:15 (1) Purchase French: $94.50 

Mon May 10 09:14:15 (2) Purchase German: $94.50 

Mon May 10 09:14:15 (3) Purchase Japanese: $126.00 

Mon May 10 09:14:15 (4) Purchase all: $315.00 

Enter your selection: 


Mon May 10 09:16:43 
purchased 

Mon May 10 09:24:01 
Mon May 10 09:24:40 
Mon May 10 09:25:02 


French, German and Japanese 


French sent for translation 
German sent for translation 
Japanese sent for translation 


Wed May 12 15:03:08 French files written to 
/Developer/myApp/de.Iproj 

Wed May 12 15:03:26 German files written to 
/Developer/myApp/fr.Iproj 

Wed May 12 15:03:58 Japanese files written to 
/Developer/myApp/j a.Iproj 


Don’t ignore 60% of your market 

Sign up now attethras.com/wwdc2011 and 

receive any language of your choice for free 

Limited to new customers. Offer limited to $ 100 off your final purchase price for any language you 
choose. Register before end of July to activate your code. 












Choose options for your new project: 



Product Name 
Company identifier 
Bundle Identifier 
App Store Category 


the col iector 
tom, radiotope 

com .cad* otop tnthecolienor 

Utilities 


Create Document-Based Application 
Document Class VvDon,merit 
Document Extension mydoc 

Use Core Data 

Include SpmOfiht Imponer 


Figure 1 - Project options. 


You can certainly leave 4 App Store Category' at its default, but, 
tills will lx* a utility, so, there's no harm in setting it. 

Once these options are set and you dick next, you’!! be 
brought to the workspace in Xcode, Figure 4 shows the default 
workspace with your project options available. 


In a column on the left, you’ll see the navigator pane, 
defaulting to the project navigator. The project navigator shows all 
files (source code, resources, etc.) available to this project. With the 
project selected we're looking at project options in the main, center 
pane. 

You may notice that just by creating the project, there's a lot 
done for you. In fact, you already have a complete, runnable 
application. Indeed, you can dick the Run button in the toolbar 
right now and, after Xcode compiles die application, you’ll see a 
blank window. 

Now, you may not think that blank window is impressive on 
its own, but actually, there’s a lot going on! First, even though it’s 
blank, the window behaves as you’d expect: you can move it, resize 
it and dose it. Also, note that you have a working menubar that also 
responds to the Quit' command It is Cocoa that is taking care of 
these aspects for you. Over time, you’ll learn to let Cocoa take care 
of as much as possible for you. Quit the application for now, using 
the menu or comma nd-Q, and let’s get back to Xcode, 

Main Window 

Of all the things that Xcode, and the MacRuby template, get 
set up for us are some basic files. Looking in the project navigator 
on the left, you’ll notice ’AppDelegate.rb’, which is where we’ll put 
our code, and under the Resources folder, MainMenu.xib, which 
represents our user interface (the Menubar and window along with 
all UI components). 
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Figure 4 - Default project options 
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Back up everyone, everywhere. 



CRASHPLAN’ 

Continuous Backup for Everyone 


The easy, automatic way to protect all your data. 

Individuals, businesses and enterprises around the world count 
on CrashPlan+, CrashPlan PRO and CrashPlan PROeto keep 
their data safe. 


You can too! Try it for free for 30 days. 


Peace of mind is just a few clicks away at crashpian.com 
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Framed! 


One thing Fve noticed with some MacRuby projects: the 
template doesn't properly pick up the MacRuby framework. 
Well need this to mn the application. While you're already in 
the right place—looking at the frameworks that will get 
linked in—highlight the red “MacRuby,.framework* line under 
"Linked Frameworks and Libraries 1 ’ and click the minus sign 
beneath it. Once removed, click the plus sign to add a 
framework. In the resulting dialog, shown in Figure 4a, type 
MacRuby to narrow the list, highlight the MacRuby 
framework, and click the Add 1 button. 

Choose frameworks and libraries to add: 
fQmacruby Oj) 

Mac 05 X 10,6 
I* Mac Ru by * fra m e wo r k 


Figure 4a - Re adding the MacRuby Framework. 

This is also how you can add a framework when needed 
in a different project. Once added, this new framework will 
show up in the project navigator in the left pane. If you’re 
tidy like me, you’ll drag it from the default location into the 
“Frameworks’ folder. 


Let's create our interface right now. Click (once) on the 
Mainmenuxib fife in the project navigator, and you'll lie brought 
into Interface Builder, Apple's GUI for creating GUIs. 

You'll be looking at a graph-paper inspired workspace with 
your applications menubar at top. If you like, go ahead and 
doubleclick on application name in the menu-bar and change it 
from dhecollector to The Collector. Now, let's create a user 
interface. Click (once) on the object representing the window in die 
object column (see Figure 5). 


Window * thecoilector 


Figure 5 - The window object 


This will reveal die empty window that we saw earlier when 
running die program. You should now lie kxildng at something like 
what is shown in Figure 6. 


fhecoUector Fi)e Edit Format Vtew Window Help 


A 




Figure 6 - Interface Builder displaying our window. 


Now we need to place user interface objects on the window. 
You need to expose the palette of objects by clicking on the 
appropriate view button in the toolbar, Click the third right panel’ 
button in the toolbar, shown in Figure 7. 



View 


Figure 7 - Expose the utilities and object palette. 


At the bottom of this panel, by default, you'll see the File 
template library. We want to select objects from die object library. 
Click on die object library icon (die cube), as seen in Figure 8. 

D Q( r frT)M 

> Object Library -Show the Object libr 

- i - tam — r jii- — m 

Push Button - Intercepts mouse- down i 
events and sends an action message to a 
target object when it’s clicked or. 


Gradient Button - intercepts mouse¬ 
down events and sends an action 
message to a target object when It's. 



Rounded Rett Button intercepts 
mouse-down events and sends an 

MAUJa-Lt3UlAl nhidf f 


Figure 8 - Selecting the object library. 
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Now we can choose some interface objects and place them on 
our window. You can make the selection easier if you use the 
search box at the bottom of the pane. (Again, see Figure 8.) Let’s 
start with a label. Type ‘label’ into the search box, and you’ll find 
there are two types of labels; a multi-line label and a plan, "label 1 
Choose tire multi-line variety; click and drag it from the object 
library window to the window die represents our application’s 
window. 

You should notice that w r hen you drag an object to the 
window, Interface Builder helps you align it so it’$ positioned 
properly It will have the right spacing from the borders of windows 
and away from other objects. Interface Builder does this with the 
blue guidelines it temporarily places on the window. Figure 9 
shows this in action. 
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Figure 9 - Interface Builder displaying guidelines. 


Place die multiline label in the upper left-hand comer of the 
w indow, using the guides for placement Once placed, hover over 
die right side of die label until the cursor turns into the double- 
arrow cursor for resizing, and expand the label all the way to the 
right, until the guides show you the boundary. Next, type ‘button’ 
into the object library search box. Choose a push button and drag 
it to the window. Position it flush right and just under the existing 
label. Again, the guides will help you get the positioning just right. 
Figure 10 shows the completed interface. 


Q n O _The Collector 

Clicking 'Collect' will gather required logs and place a ,dmg 
file on your desktop. 

f Quit | Collect I 


Figure 10 - The completed U! as shown in Interface builder 

YouVe already dragged a multiline label and button to die 
window, This U1 consists of the following additional objects—use 
any word from the object name to search for it in die object library 
(Fve put the word in bold type that you can use in the search box); 
A second push button 
A circular progress indicator 
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A label {plain ‘ol single line label - stretch it across to the 
progress indicator). 

Once the objects are in place, dick and drag the bottom 
window handle to resize the window itself. Again, youll get guides 
as you hit the right positioning, The objects themselves still have 
their default characteristics, so well also need to make a few tweaks 
to these objects. The simple ones first 

Double-click on each button to title it correctly (Figure II shows 
this in action). 
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Figure 12 - The attributes inspector button. 


f* r\ n _thecoiletior 

Clicking ’Collect' will gather required logs and place a *dmg file on 
Vour desktop. 

Label f | fiutton | Collect 


Figure 11 - Giving a button its correct title. 

Double-click rite Multiline label and type in some appropriate 
text. 

Now, choose rite attributes inspector in ihe utilities pane. Figure 
12 shows you this. 


Once the attributes panel is up: 

Click on the window itself and change the title to “The 
Collector". 

Click on rite "Collect” button, and in the attributes panel, scroll 
down until you find rite “Key Equivalent" attribute. Click on the Key 
Equivalent text field and press return. You should see a rerum 
symbol (E) in rite text field. 

Choo.se rite single-line label and, in the attributes panel, look 
down the list and select (put a check in the checkbox) under View- 
>Drawing->Hidden, We want this to start off hidden, and well 
unhide it in code. 

Select the progress indicator and ensure that Behavior- 
>Display When Stopped is unchecked. 

That's it in Interface Builder for now. Let’s add a little (actual) 
code. 

Glue to Interface Builder 

As part of Xcode, Interface builder has knowledge a!x>ut die 
code we write. 'FhLs allows us to interact with the code graphically, 
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Click on tiie AppDelegate. rb + representation in the project 
navigator. (Figure 13 shows this file in die navigator.) 
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Figure 13 - App Delegate, rb in the project navigator 

To liegin with, AppDelegate.rb starts off with a basic shell: 

class AppDelegate 

attr_accessor :window 

def appliestioriDittFlniahLaunching (a_notification) 

# Insert code here to initialise your application 
end 
and 


Tills represents one class, named AppDelegate 5 dial contains 
one method: 

appiicationDidFinishIi{undiing:(NSNotificatJon*)aNotification, 
The appffcationDidFinishl^unching method is one of those bits of 
magic that die Cocoa framework gives us. This is called by 
NSApplication once the application finishes launching. We're not 
going to use this particular functionality in dils application, but do 
know it’s there for you. Now, onto code that we will use. 

You may notice that the first line in the AppDelegate class is 
a variable of type attr_accessor Ruby provides a one-line way of 
creating an attribute accessor. You get both a getter* and a setter* 
for the given variable. (For more on accessors, see 
http://www. roby-doc. org/docs/UsersGui de/rg/accessors, htmL) These 
class attributes are also how Interface Builder knows how to tie 
into your axle. They provide the glue, so to speak. The window 
accessor provided by the template allows our class to interact 
with the predefined window. Lets create some for the rest of our 
UI elements. 

Add die following lines to the AppDelegate class in the 
AppDelegate.rb rile, directly following the L attr_accessor window’ 
line: 

# Jtib componeritfi 

attr_accessor : collect 

attr_accessor :status_label, :spinner 

These attributes represent the two buttons, quit and collect, 
our single line label and our circular progress indicator. Next, let’s 
add a class method so the collect button has something to take 
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action on, (Effectively, what do we want to happen when the 
‘Collect’ button is pressed?) Add the following code directly after the 
applicationDidFinishlaunching method: 


def collectLogs(sender) 

puts “Running the colleatLogs method" 
end 


While this doesn’t really do much, let's go make it work. 

Wire it Up 

Go back into Interface Builder by selecting (clicking once) on 
the MainMenu.xib file in die project navigator If you hover over the 
objects in die column along the left of interface builder, you'll 
notice that one of the objects is named “App Delegate”. This is 
‘glued’ to our AppDelegate class and its code. 

We can send actions to or from objects created in Interface 
Builder to the code in our AppDelegate class. Like everything else 
in Interface Builder this is done graphically. Interface Builder has 


Attachment issues 


How does Interface Builder know to attach this class 
object to our class named AppDelegate? You can see for 
yourself. In Interface Builder, click once on the App Delegate 
object (the blue cube named 'App Delegate) and then select 
the Identity Inspector in the utilities pane, You’ll see that the 
App Delegate is pointing to the class named “AppDelegate/ 
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Fig 13a - Interface Builder pointing an object to a specific class. 

We could point diis to a different class (if we had one), 
or, we could assign other objects in Interface Builder to other 
classes. This isn’t necessary in this simple example, but you 
can see how this allows more complex applications to be 
built, 


gone through our code, looked at accessor variables and methods 
and lets us make connections. You need to point objects that need 
to know about each other, to one another We do dial with a 
control-drag (hold down the control key while you click and drag). 
You control drag from the object dial needs to know' to die object 
it needs to know about. Sometimes, this is a one way relationship— 
our status label, for instance, as we only set it—and .sometimes it’s 
a two-way relationship—for example, our Collect button, as it calls 
a mediod, and then that method can change the state of the button. 
Let s go do all of this now. 
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Start by control dragging from the Collect button to the App 
Delegate object. Figure 14 shows this in action. 
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Figure 14 - Connecting objects. 
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Once you release die drag, the App Delegate object will 
display die actioas it am receive. Since weVe only written one 
mediod, that's all we re offered and can connect. Figure 15 shows 
how Interface Builder displays this, Click on die collecthogs 1 action 
in the pop-up menu to make the connection. 
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h- 

Figure 15 - Making the connection. 

Now t we need to also let the App Delegate class know about 
the Collect button. Control-drag /him the App Delegate object icon 
to the Collect button. You'll find that Interface Builder doesn't know 
which of our outlets to assign to this object. An outlet is formed 
from our accessor variables, and allows our code to act on an 
Interface Builder object, When you release die drag over die collect 
button, you’ll lie presented with a pop-up menu thaL shows all of 
die outlets from out App Delegate class. Click on ‘collect’ to make 
the connection, as shown in Figure 16. 
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Figure 16 - Connecting App Delegate's collect outlet 
to the Collect button object. 
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Now, the collect variable in code points to the button 
object we connected it to. Let's make the remainder of the 
connections. Connect the following from the App Delegate 
object to the object in Interface Builder: 
statusJabel to the single line label, 
spinner to the circular progress indicator 

We also get an action for free: quitting the application. We 
can quit in the same manner as the quit menu item. Control- 
drag from the Quit button to the Application object. This is an 
object that we haven't looked at yet. Instead of a blue cube 
icon, it has a 'generic application’ icon (a pencil, paintbrush and 
ruler that form the letter A 1 ). This pop-up menu will offer many 
more received actions. Connect the Quit button object to the 
'terminate' action. 

That’s it! Run the application by clicking on the Run button 
in the toolbar. 

First Run 

You should now see the application running with the full 
user interface that we defined in Interface Builder. Further, it 
works! Well, it works in as much as we defined. The Quit button 
should work. The Collect button doesn’t collect any logs, but it 
does do what w r e defined in the method it's pointing to: 

def collectLogsisender] 

puts “Running the cclleetLoga method" 
end 


All this method does currently is to write a message to the 
console that says, “Running the collectlogs method,” You 
should see this message each time you press the Collect button. 
Where? In the console! You can see that by enabling the "Debug 
area" You can do this on a case-by-case basis by clicking on 
the 'Enable debug area 1 icon in the view menu of the toolbar 
(the middle of the three buttons). There’s a way that I like more: 
enabling it on run and hiding it after a run completes. You can 
set this by opening Xcode’s preferences and selecting 
"Behaviors ” Figure 17 shows the setting to enable the debug 
area on run. 



Figure 17 - Showing the debug area on run, 
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You can automatically hide debug area by choosing the 
same option under the “Rim completes" action, expect youll set 
the pop-up menu to ‘"Hide” instead of “Show." 

Collecting Logs? 

That's a lot to cover in one month. I'm going to hold the 
discussion of the full source code until next month. If you're 
feeling adventurous, add some code to the collectings method 
and see what happens. In the meantime, I’m going to put the 
working application and source code up on the MacTech ftp 
site at ftp://ftp.nnactech.com. 

Conclusion 

We covered a lot of ground this month. You may have 
installed and run Xcode for the first time. You likely installed 
the latest version of MacRuby, as it’s not only evolving fast, but 
needed an update to work with Xcode 4* Finally, you got 
familiar with Interface Builder and how it interacts with the 
code you write by hand. As I mentioned, the full, working 
source w ill be available right now on ftp://ftp.moctech.com. Look 
at it and poke around, The walkthrough will go through what, 
how and why of what we put in there. 

Media of the month: Portal 2, by Valve Software (available 
on Steam). If you haven't played either Portal, do yourself the 
favor and get Porta] and block out about 8-10 hours for some 
relaxation time. If you haven’t played Portal 2, it’s worth your 
time. 

If you haven’t seen, registration for MacTech Conference- 
Liking place in Los Angeles on November 2*4 2011—is now 
underway, If you’re a technology professional, you owe yourself 
a little professional development time and interaction with your 
peers. 

Find out more at 

hrtp://www T mactech,com/conference/aboul. 

Until next month, relax, soak in/up all of the WWDC news, 
get some more Ruby practice in on your own and don’t be 
afraid to experiment! 


Till 
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Consultant Cowboy 


by Ryan Wilcox 


Pricing (Part 2) 

More thoughts on pricing 

^ — — — — y 


Introduction 

A small business thrives on cash. Cash is needed to pay the 
bills, and often ids a balancing act!between the cash coming in 
and how much one needs to work to obtain this cash. 

In MacTech’s Feb 2011 Cowboy Consultant article, I mostly 
focused on the expenses you have as a full time cowboy 
consultant, and how to take that number and arrive at an hourly 
rate (given billings of 20-30 hours a week). Factor in insurances, 
retirement, travel, some equipment, and shrinkage and you have 
a (naive) hourly number 

Tills article holds additional considerations for your hourly 
rate number For example, what can the local market bare? But 
then again, don't price yourself too high. Or too low! Account 
for slack in your business: there will be times when you’re not 
billing 40 hours a week (or even 30), 

Also, when you figure out your hourly (or project) rates 
you also need to think about your goals in the future: goals for 
your personal success financially, in addition to your successes 
as a person. 

Other Thoughts that may affect price 

Brief review from last article 

To rehash a little bit from Part 1 of the pricing article: your 
hourly rate depends primarily on how much, per month, it costs 
you to live in the area you're living in and how much work you 
can schedule in a given month. For example, if you have a 
$ 1,200/month mortgage, you have to make sure you’re bringing 
in at least that much (actually, much more, when you factor in 
food and utilities), if you’re a full time consultant cowboy. 

Another tiling that could affect price, especially if you're 
coming from a traditional employee job, is the number of things 
your employer used to pick up. You, yourself, are now 100% 
paying for your health insurance, liability insurance, and travel. 
Likewise, you'll also be spending money just to keep your 
business afloat: the occasional lawyer fee, advertising, and 
maybe web design if that's not your strong suite. 


Your current debt, budget, and time for 
projects 

Your level of debt would also affect your price also. The 
average credit card debt for a family is $14,000+, and the 
average student loan debt is $23,000+. The payments on these 
loans, of course, need to factor into your monthly budget. This 
means you'll have to bring in more money a month than 
someone without those loans. 

If you haven't (or haven’t!) sat down and made out a 
household budget, that's probably the first place to start. Then 
divide by 4 to get how much money you need in a week, and 
divide by 5 for money per workday. 

Likewise, you need to pay for your business development 
time too: time doing bids for projects that don't pan out, time 
doing marketing and research. 

Likewise, vacations, and any other kind of day off, are 
always unpaid. This is certainly something to think about when 
you’re planning out your budget and monetary requirements for 
the year. 

Of course, all this needs to be balanced with the client 
project work on your desk currently. Sometimes even this is a 
balancing act: too much client work and important business 
development (which means project work in the future) goes 
unattended. Too much business development, and rent doesn’t 
get paid. (More on this topic latter in this article) 

Minimum Viable Income 

u How many clients do you need to serve to make even a 
crappy living?” - The Intelligent Entrepreneur by Bill Murphy Jr, 
While, The Intelligent Entrepreneur focuses mainly on 
startups that got big, that bit of advice applies to freelancers 
also, How many clients (or projects, or billable hours) do you 
need to make a crappy living? 

In an Agile software development project, often the 
question comes up: “What is the minimum viable product that 
we can ship and get out to people?” As a cowboy consultant a 
similar number should be in your brain: the smallest amount of 
money you really need to survive. Then strive to make that, and 
strive to make twice that, and so on, 

What will the local market bear? 

I've previously talked about the advantage of living in an 
area with a low cost of living. The advantage is the little amount 
of money it takes to live. The disadvantage? Local businesses 
can’t charge as much for their products, and thus might not be 
able to afford to buy your services at a high hourly rate. 

Then again, you also have to make enough money to live. 
In a big city area you have another problem: dealing with 
competition. Your clients may be expecting to pay within certain 
price range, which may (if you’re lucky) he set by your 
competition. T paid $500 for this service at Brand X Consulting 
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We're Easier. 

In fact, Real Studio is the easiest, fastest way to create software for Mac OS X, Windows, 
Linux and the web. 

Why use Real Studio? Real Studio is the only object-oriented, cross-platform software 
development tool that enables users at all levels to create powerful, stand-alone, native 
applications. With over 40 native user interface controls including buttons, lists, fields 
and tab panels, extended database support, native reporting and Internet and networking 
features, Real Studio is cross-platform that really works. 

Now, Real Studio Web Edition allows you to use this powerful development environment 
to easily build web applications — no need to know HTML, JavaScript, CSS, AJAX and 
PHR And, unlike those usual web technologies, Real Studio compiles your web 
applications to binary, so they are safe and easy to sell. 

Real Studio. Cross-platform development for humans. 


real studio 


For a limited time, getting Real Studio is easier too. 
Get 20% off when you buy a new Real Studio license, 
Use coupon code WWDC2011. 

www.realsoftware.com/realstudio 








last time I did it, so that’s about what Hi pay this time* might be 
what your client thinks. 

The articles on marketing will talk about differentiating 
yourself from the competition, but there’s also a range: price too 
high and potential clients can’t afford you. 

Your 3-4 month stash 

Ideally your prices will also let you build up a stash of 
money you can use when you are between projects, and 
replenish tills stash over time. 1 like a 3 month stash: this gives 
enough time for 1 month of project hunting, 1 month of 
working, then another month of waiting to get paid (assuming 
NET-30 terms on the invoice). 

In my experience even the simplest projects take one 
calendar month to finish, and another calendar month to get the 
money. The first month, from initial contact to completion of 
project, usually goes like this for me: 

* Week 1: Initial contact, l draw up a quote, they consider 
it and say yes 

* Week 2: Initial Implementation 

* Week 3: Client QA, and making fixes on said project 

* Week 4: Deployment and final tweaks. 

While my experiences lately have l:>een with these as small 
side projects, some of this time delay is unavoidable. You might 
lie laughing at me now, but let’s assume 1 month to he on the 
safe side, 

The kicker here is often NET-30 style terms on the invoice 
(T give you 30 days to pay this before l get annoyed"). With this 
calculation it’s 2 months from the initial concept to when you get 


paid: one or two months rent. What money do you use to pay 
those bills while you're waiting for that money to come in? 

This is the good scenario too: when the project concludes 
successfully and both parties go their separate ways, happily. 

However, note that I’ve had to pay rent twice since we said, 
“yes" to the contract? This delay could mean some tight financial 
times as you wait for that check to come in, as bills pile up. This 
is where the stash comes in, to give you a little boost through 
those lean times. Your hourly price should be high enough so 
you can pay back that stash occasionally. 

Don't price yourself too high 

As a computer programmer I realize that programmer time 
is expensive: it’s a highly skilled profession, and big complex 
applications take time to build, thus expensive, I do what I can 
to keep my services affordable to potential clients. 

Lower cost means more people can afford my services, and 
1 can build more long-term clients.,, or so my theory goes, fll 
grant you that this may or may not be correct, but that’s my 
theory. 1 also, personally, want to make sure small businesses get 
the technology solutions they need. That’s a market Tm 
interested in (I’m a small business, 1 feel I should help other 
small businesses), so it’s important to me to be priced 
appropriately. 

Don't price yourself too low 

To counterpoint everything said about pricing too high, you 
also don’t want Lo price yourself too low. There are two reasons 
for this: budgetary, and appearance. 
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LassoSoft 

security, speed, simplicity 


Proof that ail programming languages are not created equal. 

Quick to learn, fast to deploy, Lasso is a powerful, 'batteries included’ development 
platform specifically geared to the web that has 95% of the libraries you'll need to do 
the job, and db connectors, email support, curl support, SOAP, PDF, and endless 
scalability from C and Java API's - ail included right out of the box. 

Free full product download for learning and dev builds, Full license from $49/month 
leased or $399 to own. Extensive community and free resources. 
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The FAD1 protective carrying case, also known the Audioglove, is designed in such a way that 
the user can open the case and redirect the sound toward him/herself. This audio enhancing func¬ 
tionality is not offered on any other protective carrying case. The Audio Glove enhances and ampli¬ 
fies the volume and quality of sound emitted by the iPhone. 

It's simple design corrects a fundamental flaw in the iPhone that 
suppresses good quality sound and tone production. The retract¬ 
able audio drawer on the FADI Audioglove eliminates the need to 
attach external speakers. Now you can amplify the phone without 
restricting its mobility and ease of use. 

As an added bonus, the Audioglove makes the speaker-phone sound warm and full for people 
on both ends of the call — now your iPhone can operate as a hands free device without a Blue¬ 
tooth accessory! 

Constructed from polycarbonate - The same material used for bullet proof dividers at banks. 
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Budgetary concerns aie the kicker. As a consultant you 
should not assume you’re going to bill 40 hours a week. There's 
a balance here: you have certain expenses every month 
(rent/mortgage, taxes, utilities, food, savings) and only certain 
number of hours in a week to get this all done. 

The next concern is cost vs, quality and perceptions, A low 
hourly rate might actually drive away potential clients! Potential 
clients might scoff at your rate and think, “I need a professional 
to do this work, but at this price Ym obviously getting a kid right 
out of school, who wouldn’t be able to handle this kind of task”. 

A low rate might actually come at the cost of your own 
quality. For example, a low rate might mean you have to bill 50 
hours a week to make rent, leaving no time for personal 
development and enhancing your skillset. In technology this is 
important: going to conferences or reading, or open source, 
volunteer, or writing work. 

So, while your rate might seem extraordinarily high to you, 
if you can fill those hours then it’s just about right. 

Other, less obvious signs, might point to your rate being too 

low: 

• You live modestly, but there never seems to he enough 
money to make ends meet. If this happens several months in a 
row, time to reevaluate something. Maybe you’re in the doubly- 
taxing position of having too much work, but struggling to pay 
rent (or taxes). I’ve been there myself - its really no fun. Time 
to step back, evaluate what’s going on. 


• You feel like you need to work more than 60 hours a 
week, most of the weeks of the year, to pay the bills. While you 
probably won’t get rich as a Cowboy Consultant, it also 
shouldn't land you in the poorhouse, 

* You seem never to have quite enough to pay your taxes, 
or you have to set aside an entire month's worth of income, at 
once, to cover your quarterly taxes. 

Hours you can find to bill in a week 

1 talked about this in the “Price for =< 20 - 32 hours a 
week” section of the first article. Each of us has responsibilities 
outside of billable work. For example, business development is 
an important part of running your business: you need to spend 
time to bring more clients in. This takes time. 

Likewise, you might have other commitments outside 
billable client work. 1 assume that Ill lose one day a week to 
errands, writing, and my own projects, so 1 adjust my rates 
accordingly. Taking one day off a week gives me time to do 
oilier, unbillable tilings. Ill use Wednesdays to do estimates, run 
errands, work on some of my side projects, work on business 
development or personal development. It also helps me, 
personally, keep my sanity. 

The Wealthy Freelancer (by Slaunwhite, Savage, and 
Gandia) talks about lime management like a puzzle: you can 
swap out a piece here and there and replace it with another 
piece, if you need to. For example, occasionally 111 take 
Wednesdays and spend half the day on client work, to finish up 
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a big project. That means something (business development, for 
example) loses out. Or maybe cutting back on something work 
related to be able to pick your kids up from school. 

Some weeks you’ll just get less work done than normal. 
That's where the 3-4 month stash is also useful to cover some of 
this slack. That's also the tricky thing about billing based on 
hourly rates: sometimes you don’t get in as many hours as your 
budget requires, (The next Cowboy Consultant article will talk 
about different billing methods, which may have less of an 
impact on your budget!) 

For example, 1 spent a fair bit of time over the past to 
weeks billing only about 20 hours a week, because I was 
working on business development. The business development 
needed to get done: I've been ignoring some of those things for 
6 months or more, and I r m glad I have a little bit of a stash to 
cover for the hours I didn’t bill. 

Note: your income is limited by a scaling 
problem 

Eventually you'll hit the issue where you realize there's only 
one of you, and that you can only serve a couple of ongoing 
projects at a time. If you're already maxed out on workload, you 
can't take on another client: there's a limit cm your time. 

This limit on your time means so you can’t lowball 2 clients 
then think Til just take on a third project to pay my rent — that 
will make up the difference!” 

Lowballing the price on something then hoping to make it 
up on volume doesn’t work with real world goods, and really 
can't work for consultant cowboys. You can hire more people, 
but that has problems all its own. 

From 37 Signal’s Rework: "maybe the right size for your 
company is five people. Maybe it's forty, Maybe it's two 
hundred. iMaybe its just you and a laptop. Don't make 
assumptions about how big ahead of time. Go slow and see 
what feels right: premature hiring is the death of many small 
businesses.” 

Sometimes you will have to turn down that big job, because 
you don't have the 5 people it would take to deliver it. Maybe 
you want to take the contract, but its a 3-month full-time 
contract, and you don’t have the hours available for that. There 
are ways around that (teaming up with another freelance 
company to split up and finish the work, for example), but 
sometimes you have to turn down work because you're already 
booked. 

Slack 

There’s also intentional and unintentional slack in 
businesses. For example, if you pack your calendar tight with 
projects, one being scheduled right after the other is done, what 
happens when one project slips a due date? 

Better to create some intentional slack: end a project on 
Friday and set your schedule so that you start a new one 3 or 
4 days later. How much slack depends, but you do have to make 
sure your hourly rate is high enough so you can, in fact 
schedule slack. 
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Unintentional slack can also happen. This might be the 
time it takes you to find the next client or project. 

But, during both of these times you aren't working! 

Your unbillable percentage 

You might find yourself putting in more unbillable hours 
then you’d like. Or maybe you’ve gone a few weeks and not 
able to get the billable hours in that you’d like. 

Maybe now is time to take a step back, and track 
^everything* in your day How long you spend on email when 
you get up, how long you work on client work, how r long you 
work on other stuff at night. How long you do marketing or 
machine maintenance, or other business Spring-cleaning that 
you might have to do? Do this kind of tracking for 2 weeks, 
and examine your habits. Maybe you spend two hours 
reading news every day, or too much time improving your 
own website. A little bit of tracking, and a little bit of analysis, 
can bring your time sinks to light. 

If you don’t like manually entering everything into your 
lime tracking tool, try an app that does it for you! Apps that 
come to mind like this are; TrackTime, and SLife, but there 
are at least a half-dozen other apps for this on the Mac App 
Store, These will, at the very least, report that you were in 
NetNewsWire for 4 hours yesterday, instead of being inside 
your text editor, Xcode or whatever other app you make 
money from being in all day. 


Dreams: Where you want to be 

Beyond the basics of retirement, do you have other 
goals for yourself or the business? For example, going back 
to college, paying off student loans, taking on employees? 
This should also go into your budget. 

Likewise, 1 poured my own money into my business 
initially, and feel the need to pay that back. 

Depending on how close you are to retirement age, and 
what your goals are during that time, you might have to 
consider this in your rates also. 

However, the awesome thing about freelancing is that 
you can set your own hours. If you want to "retire” and bill 
10 hours a week to bring in some “pocket money 1 * (which, at 
good rates, might actually be considerably more than simply 
pocket money. 

Lifestyle design / Criteria for success 

An alternative is to consider what you want your lifestyle 
look like. Instead of looking at your income and deciding 
what you can do w f ith the money you have created, look at 
what you want to do and figure out how to get there. 

Some of these thoughts will affect your prices. If you 
know you have only 11 months out of the year to make 
money in. because you want to take one month off every 
year, that's a factor in what you have to charge your 
customers. 

The Wealthy Freelancer has a worksheet that 
encourages you to envision your ideal day, your perfect 
workday. Perhaps your workday includes a one-hour lunch 
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break allowing you to go to the gym everyday Perhaps you 
need to stop work at 4 PM when your children get home 
from school. 

Now think: does your lifestyle design change your 
availability, and given my income requirements how much 
do I have to charge my customers per hour? 

For example if your lifestyle design includes scaling 
down your work during the summer to relax with your 
family one way you can achieve that goal would be to set 
aside the mornings for work and then enjoy yourself in the 
afternoons. However, because your availability has 
decreased, the amount you charge per hour needs to be 
higher than if you were planning on 35 hours per week 52 
weeks a year. 

The Four Hour Work Week , by Tim Ferriss can help you 
here. It has excellent resources for lifestyle design and offers 
a “dreamline” worksheet, which gives you number crunching 
power for your ideas. 

Now, don't expect to have all your goals, or achieve 
your ideal lifestyle, all in the first year, or two..,or five. 
Setting goals now r does give you some idea what your prices 
should be, and may let you understand yourself so you can 
pick the correct projects for you. 

In the first article in this series, 1 talked about making a 
Criteria For Success list. Does any item on that list affect 
either the lifestyle you want, or the availability you have? 
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If you don't have a Criteria For Success list, now is a 
good time to make one. Ask yourself: “What do I define as a 
success?” This both helps you to define success, and gives 
you goals to shoot for. It's rather silly to have a goal, H I want 
to spend 3 weeks backpacking every year", but have your 
pricing or availability exclude the chance of that happening! 

Maybe you don't have any particular goals. There's an 
interesting blog entry from the Dumb Little Man blog: 
(hltp://www.dumblhtleman.com/2009/09/how‘to-set'goals' 
when-you-have-Fioudea.html) on this very topic! 

Don’t be Daddy-Who-Is-Boring 

A Business Insider post caught my eye the other day: 
(http://www.bu5inessin5idef.com/the-wake-up-call-2010-1 2). 
This post talks of a man who started his business to be able 
to see his family mcare, who now his daughter calls “Daddy- 
who-is-boring*. 

The Work/Home dividing line pretty much disappears 
when you are working from home, out of a spare bedroom. 
Because you'll snatch up the laptop and do work while your 
kids are playing, or watching a movie, or hanging out - and 
there are you missing the action because a PRIORITY ONE 
email message came in. 

Maybe you want clients that don't have 9 PM meetings 
Sunday nights (true story). Or have the ability to go to the 
park some days, instead of working. 

This might involve saying no to a few r projects (super 
late projects where everyone's going 80 hours/week, 
anyone?), or making sure to balance your time well,,, or 
maybe just leaving the laptop in the office sometimes. 

Conclusion 

You could see figuring out your hourly rate as way to 
value with both parties in the equation: value your client (by 
making sure they get you at your best), and valuing yourself 
(making sure you live a comfortable life - maybe not luxury, 
but ideally comfortable...maybe not at first, but eventually. 

There is a careful balancing act here, one that needs to 
be reevaluated every so often (once a year, as part of your 
business retrospective, for example). 

Next article will cover some other traditional and non- 
traditional methods of billing and payment, potentially 
changing some of your current client payment options. 


'All 


About The Author 

Ryan Wilcox has been consulting on his own for the last 8 years, through 
ups and downs in Ids business, in 2009 he started thinking about best 
practices for business, in addition to his normal thinking about 
programming. He can be found at: http://www.wHcoxd.com. Have 
thoughts or want to give feedback on this article? rwHcox@wHcoxd.com 
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Developing Enterprise-Friendly 
Software for Fun and Profit 


by Greg Neagle, MacEnterprise.org 





MacEnterprise.org 

Mac OS X enterprise deployment project 


Introduction 


Interest in Mac development seems to be at an all-time high. 
Sales of Mac hardware are growing at a rate faster than the 
industry as a whole, and many developers are hoping to build 
on their experience and success on the tOS platform by also 
developing for the Mac platform. 

The advent of the Mac App Store has also brought new 
developers to the Mac. The Mac App Store solves a lot of 
problems for small developers, allowing them to sell their 
software to Mac users without having to develop and maintain a 
web storefront on their own. 

Small developers new to the Mac may think of the Mac as 
in use only by individual users or possibly very small businesses, 
and might not give much thought to the issues around 
purchasing and deploying their software in large organizations. 
Even large, established software developers have been known to 
ignore these issues, and have shipped software that was not 
"enterprise-friendly" 

Let's define that phrase, Software can be considered 
enterprise-friendly when it can l?e easily purchased for large 
numbers of users, installed with automated tools, and when 
installed, it works as expected for all users of a given machine 
with no additional past-install configuration that cannot be done 
as a non-privileged user (i.e,, a user without administrator rights). 
In this context, “enterprise" really refers to scale, Any 
organization with a large number of computers can be 
considered an "enterprise" environment, Schools and universities 
face many of the same issues as private enterprises when it 
comes to purchasing, deploying and supporting Mac software. 

In this column, we’ll look at some of the common issues 
that make software purchase and deployment difficult in 
enterprise environments and what software developers can do to 
make their software more enterprise friendly. 

Why bother? 

If you are a software developer, why should you bother 
making the purchase and deployment of your software 
friendly to enterprise environments? 
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The number one reason is that if you do, you'll sell more 
of your products] If you make it too hard to purchase and 
deploy your software in an enterprise, systems administrators 
will look elsewhere and recommend other software that they 
can deploy in their organization. 

Another reason: if your installer is not enterprise- 
friendly, and if their organizations insist on using the software 
anyway, systems administrators will almost certainly have to 
repackage your software in order to deploy it to their 
organizations. This introduces opportunities for errors to 
creep into the install process, as a repackaged installation 
may not install everything as intended, or may install things 
in a way that introduces problems. As an example, 
repackaging Adobe CS2/CS3/CS4 products often resulted in 
installation packages that stomped on or overwrote activation 
and licensing for other Adobe products. It’s much easier to 
support your own software when you know it was installed 
with your own installer, and not via some ha eked-together 
method developed by an overworked system administrator 
who is not as familiar with your software as you are. 
Repackaging software for installation introduces new 
variables to support. Worse, each organization that 
repackages your software may do it slightly differently - your 
support burden potentially increases each time a new 
organization purchases your software. 

Making software truly enterprise-friendly should not be 
something left for the end of development when you are 
building the installer, Design decisions made early on can 
affect how easy It is lo install, configure and use your 
software in a large organization. Being aware of the issues 
should help you make better design decisions. 

Purchasing 

The road to enterprise-friendly software starts with 
purchasing. Make sure large organizations can buy licenses 
for multiple installs/users of your software. Enterprise 
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administrators don't want to have to purchase 100 boxes of 
your software to install 100 copies, and they don't want to 
have to enter 100 registration/license codes and keep track of 
which machines have which license codes. Plan for some sort 
of multi-user licensing if you want to sell your software to 
large organizations. 

Mac App Store 

With the release of Mac OS X 10.6.6 in January 2011, 
Apple opened the doors to the Mac App Store, an attempt to 
bring the popular success of the App Store for IQS devices to 
the Mac. 

The appeal and ease-of-use of the Mac App Store has 
enticed some developers to make their software available 
solely through this channel The Mac App Store is a fantastic 
tool for individual users to discover and purchase software. 
But it is not very useful when it comes to purchasing software 
for enterprise use, as the terms of use for software purchased 
through the Mac App Store would prohibit the installation of 
a single purchased copy on hundreds or thousands of an 
organization's Macs. Add to this the fact that applications 
purchased through the Mac App Store are linked to a specific 
Apple ID - again, not an ideal situation for large-scale 
deployment. If you wish to sell your software to large 
organizations, you must provide a purchasing and acquisition 
method that does not rely on the Mac App Store. 


Installation 

Once an organization has purchased your application 
and enough user licenses, they will want to install it on 
(possibly) a large number of machines. Large organizations 
will generally not have armies walking around and manually 
running your installer by double-clicking it. Instead, they will 
be using a software deployment mechanism that 
automatically installs software on large numbers of machines. 
Your software’s installation method must work with enterprise 
software deployment systems. 

Some automated software deployment tools for Mac OS 
X commonly in use include: Apple Remote Desktop, JAMF 
Casper, Absolute Manage, Puppet and Munki. 

This list of deployment tools may have you wondering: 
"How can I make sure my software can be installed by all 
these tools? That sounds like it will be difficult and Time- 
consuming to test!” But in truth, its not that hard as long as 
you adhere to some basic principals, since most automated 
software deployment tools use similar mechanisms for the 
actual installation. 

First: use the Apple package format. It’s not perfect, but 
every major software deployment mechanism works with 
Apple's packages. Apple itself leverages the Apple package 
format to install software suites like ilife and Final Cut Studio, 
and even to install Mac OS X itself. .So it seems reasonable 
that it is possible to install your software using Apple’s 
package format. If, instead, you create your own installer 
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application or use a third-party installer technology like 
InstallEase or InstaliAnywhere, it ? s likely your installer will 
not work in an enterprise environment. 

Second: avoid pre- and post-install scripts if at all 
possible. If you must utilize scripts in your package, test them 
in scenarios found in enterprise deployments. Well go into 
more detail about that in a bit. 

Third: your package should install everything needed to 
run your software. It should not leave additional installation 
tasks for the first launch of your software. Remember that in 
an enterprise environment, the person who first launches 
your software after install may not have administrative 
privileges. They will be annoyed when your software asks for 
administrative credentials the first time they try to use it* Your 
software's installer has administrative privileges - it should do 
things that require admin rights ar that time. 

The “fancier" your installer, the greater the chance it will 
do something that makes it incompatible with an enterprise 
install, So keep your packages simple and test them for 
unattended installation. 

Testing your Package 

The simplest and most important thing you can do as a 
software developer to ensure your software’s installer 
package is enterprise-friendly is to use an ssh session and 
the command-line installer tool (/usr/sbin/installer) 
to install your software on a machine. Test the install both 
with no one logged in as a GUT user and also with a GUI user 
logged in. Here’s an example: 

% ssh gneagle@aquaman 

Last login: Tue Mar 29 10:56:17 2011 

gneagle% sudo installer -pkg /tmp/foo,pkg -target / 

installer: Package name is Foo 

installer: Installing at base path / 

installer: The installation was successful. 

Here we install Foo.pkg using the command-line 
installer on the machine “aquaman". Even though the 
installation completed successfully, we must manually test the 
software to be sure it functions as expected. You should 
perform the command-line installation test with no user 
logged into the machine (with the login window displayed), 
as well as with a user logged in to make sure the installation 
completes correctly in both scenarios. When software is 
deployed in an enterprise, any given machine may or may 
not have an active user logged in, so you must test with no 
logged-in user. Be sure to test under Tiger, Leopard and 
Snow Leopard if your application runs under ail of those 
versions of Mac OS X. 

If your software can be installed successfully with this 
method and your software functions as expected when 
installed this way: congratulations! There's a very good 
chance your installer package is enterprise-friendly, and will 
work with all the major software deployment systems. 
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Pre- and Post-install Scripts 

The most common thing that causes a package to fail to 
be enterprise-friendly is poorly written pre- or post¬ 
installation scripts included as part of the package. 

If your installer makes use of pre- and/or post-install 
scripts, test them during your remote install tests to make sure 
they don’t do anything visible. They should not open Finder 
windows or launch your application or quit other 
applications or modify the current user’s Dock. Even if you 
think actions like these are desirable when your package is 
installed interactively, they are definitely undesirable w'hen a 
system administrator is trying to install your software to 
hundreds or thousands of Macs, 

If you really must have your installation interact with the 
user when doing a manual install, you can still wriLe your 
scripts to do the righL thing during an unattended install A 
pre- or post- script can tell if it’s being run in the context of 
a non-GUI install: the installer command sets the 
COMMAND_IINE_INSTALL environment variable. Just test 
for it and skip over a task that’s inappropriate when installing 
at the command line, Here's a Perl example from a postflight 
script in the [Tunes install package that updates the Dock: 

# exit if command-line install 

exit tO) if ($ENVl*COttMASD_LINE_INSTALL 1 1); 

# update user’s Dock 


If the package is installed interactively, the Dock is 
updated for the current user. But if it’s installed via the 
command line, the script exits, leaving the Dock untouched. 

Another common mistake in pre- and post-install scripts 
is the use of the SUSER variable to attempt to get some 
Information about the currently logged in user, or to access 
the user's home directory. When the installer is run at the 
loginwindow by the root user, “(USER 11 is undefined and 
scripts that use that variable may not perform as expected. 

Installer packaging extra credit 

There’s an additional scenario your installer package 
might encounter in an enterprise deployment, A common 
practice in large organizations is to configure new machines 
using an "image". Installation images capture the entire state 
of a startup disk: the 05, installed software, and the 
configuration of each. There are a couple of methods of 
building installation images that use Apple packages to install 
the OS and all extra software and configuration files. The 
unusual bit is that when these images are built, the installer 
packages are used to install software on a disk that is not the 
startup disk. Some installer packages make assumptions in 
pre- and post-install scripts that they are installing only to the 
startup disk and fail to run correctly when the installer 
applies the package to a disk other than the startup disk. For 
extra credit and better compatibility with this workflow, test 
the installation of your software on a disk other than the 
startup volume. 
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Post Installation 

You’ve made it easy for an enterprise to purchase and 
install your software. That’s a good start. But there are post¬ 
installation issues that can make your software easy or hard 
to deal with in an enterprise environment. 

Activation, Registration and Licensing 

Much commercial software requires some sort of 
activation, licensing, and/or registration before it can be used. 
If activating or licensing your software requires manually 
typing in a long code on first launch, it’s not enterprise- 
friendly. Consider providing a method for enterprise licensing 
and activation: perhaps a licensing package that can be 
installed, or at the bare minimum a command-line tool that 
can be run. Some organizations have implemented network 
licensing servers or software asset management systems; 
consider supporting these. 

User registration, in which you capture some contact 
information about the user of your software, may make a lot 
of sense for individual purchases. But in an enterprise 
deployment, is it really valuable to get incomplete and 
inaccurate info from hundreds of employees of the same 
company? Presumably you already captured the important 
information w r hen you sold the multi-user licenses for your 
product to that company. Consider providing a way for a 
systems administrator to pre-register software before 
deployment and/or turn off any user registration prompts. 
This mechanism should take effect for all users on a machine; 
it's not helpful if it requires modifying something for each 
user. 

Remember also that the person using a machine day-to¬ 
day may not be the person who installed or activated the 
software, A technician who must manually install or activate 
your software may do so while logged in via his or her 
account, or while logged in via a local administrative account. 
If that activation is stored somewhere in the home directory 
of the user who did the activation, it won’t be available to the 
‘reaU user of that machine when he or she logs in next. This 
problem is even worse in the education arena, where there 
may be many users sharing a group of machines. Installation 
and activation of your software should make the software 
available and usable by all users of a given machine. This 
means storing the activation/licensing info somewhere 
readable by all users, /Library/Preferences or 
/Library/Application Support are good candidate 
locations for licensing/registration information. 

Additional First-Run Installs 

Several commercial software packages offer to install 
additional components on the first launch after installation, 
prompting for administrative credentials. This is problematic 
in an enterprise environment, as the user running the 
software for the first time may not have admin rights. You can 
avoid this issue by making the additional components part of 
the original installation package, possibly as optional installs. 


If this isn’t possible, provide a manageable preference to turn 
off the installation of optional components. See the 
discussion on managed preferences later in this column. 

Even if your software offers to install items in the user’s 
home directory (and therefore doesn’t need administrative 
credentials), consider the scenario where there are multiple 
users on a single machine - does your software really need 
to copy the same files to every user account 7 If these files are 
templates, examples, or stationery, consider making them 
available to all users from a shared location, and install them 
there as part of the installer package. 

Updates 

Many vendors have their applications check for their own 
updates. Some use the popular Sparkle framework for this 
functionality; others roll their own solution. This is a great 
strategy for individual purchasers like home users, where the 
purchaser is the primary user and essentially the 
administrator for his or her ow r n machine. But again, in an 
enterprise environment, applications that check for updates 
can be an annoyance. Bandwidth is wasted when one 
thousand copies of an application, all installed in a single 
company, each go out to the internet and retrieve one 
thousand copies of the update. Worse, once they've 
downloaded an update, they might alert the user of the 
software and ask for administrative credentials that the user 
doesn’t have. 

For these reasons, it’s essential that you provide a way for 
system administrators to turn off any auto-update mechanism 
for your software. You must also make updates available via 
an alternate mechanism that can be installed the same way 
the original software was installed. ThaL means updates that 
are distributed as standard Apple packages. The mechanism 
for disabling update checks should be global - that is, it must 
work for all users of a given machine. That could take the 
form of support for Apple’s managed preferences framework, 
or |ust a preference file in a globally accessible location. Be 
sure to document this! 

Preference Management 

Since we mentioned Apple’s managed preferences 
framework, this is a good opportunity to talk about 
preference management. In large organizations, It is 
sometimes helpful for system administrators to be able to 
manage settings or preferences for a piece of software. 
Sometimes this takes the form of setting helpful initial 
defaults, or turning off inapplicable or unsupported 
functions. Other times this might involve setting and 
enforcing an organizational policy. 

You can at the very least make your software's 
preferences manageable at the most basic level by storing 
your software’s preferences in Apple’s property list format in 
the standard locations {-/Library/Preferences and/or 
/Library/Preferences), Preferences stored this w T ay are 
manageable via Apple’s managed preferences frameworks. If 
you use CFPreferences from the CoreFoundation framework 
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or NSUserDefaults from the Foundation framework to handle 
your software’s preferences, you’ll have even better 
compatibility with Apple’s managed preferences. 

Et cetera 

Here are a few other things that might differ between 
individual home/small business users and users in an 
enterprise environment: 

Enterprise users may have network home directories 
instead of home directories on the local disk under /Users. 

Even without network home directories, enterprise users 
are more likely than home or small business users to store 
data on file servers. 

Don't assume file servers are AFF (Apple File Protocol) 
servers; in large organizations Windows (SMB/CIFS) file 
servers are the rule, and NFS file servers aren’t unknown. 

Enterprise laptop users are more likely to be using 
FileVault to protect their data. 

If your software isn't tripped up by any of these, it's more 
likely to play well in the enterprise. 

Conclusion 

Making your software enterprise-friendly need not be 
difficult A little planning and consideration of enterprise 
issues will help you avoid common pitfalls. Package your 
software using the Apple package format and test command¬ 


line installations. Provide enterprise administrators with ways 
to license and/or activate your software via the command 
line, by installing a package containing licensing information, 
or by using a network license manager or asset manager. Give 
enterprise administrators the ability to suppress registration 
dialogs and auto-updates. Store your software's preferences 
and configuration in the standard Apple property list format, 
or even better, use Apple's preference frameworks. 
Remember that in a large organization, your software’s users 
may not be administrators, and that an enterprise machine 
may have more than one user. Follow r these guidelines and 
you’ll have software that’s easy for enterprises to buy, install, 
configure and use. Who wouldn't want to sell a few hundred 
thousand extra copies of their software? 

Till 
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CORESEC: SECURITY TOPICS FOR ADMINISTRATORS AND PROGRAMMERS 

Secure Shell (SSH)-A Hidden Gem, Part 2 


SSH is a powerful tool with many uses. 
Let’s explore this staple of OS X 

By Michele (Mike) Hjorleifsson 


Introduction 

Last month we looked at the basic underpinnings of SSH; 
how to configure the client configuration files, server 
configuration files and create key based authentication. We also 
reviewed some of the built in utilities and applications that come 
with Open SSH, This month we will dive a bit deeper, looking at 
SSH as a communication tool for other applications to use when 
a secure, simple connection needs to be made from one host to 
another to accomplish a variety of tasks. 

Command Line SSH Goodness 

Last month we looked at scp as a method lor performing a 
secure copy from or to a remote host, including die recursion 
option to mirror a directory from one host to or from the other. 
While this is great for a single operation, it doesn't lend itself to 
die backup and recovery operations that administrators perform 
all the time, Rsyne, from the people that brought us SAMBA 
(windows SMB integration), allows you to do fast incremental 
transfers/backups of data over SSH locally or across die globe. For 
example, using die command below, rsyne would look at the 
/backup/tJsers directory on your local machine, compare it to the 
content of /Users on the remote host and copy any files that 
needed copying from the remote host to the local machine all 
over a nicely secured SSH session. The benefits to this versus sftp 
or scp are twofold; first, you aren't making a full copy of files you 
already have on the local side, and second, it's therefore much 
faster. 

rsyne -ovz -e ssh foot@remotehost.com:/Users/* /backup/Users 

The command line options -avz tell rsyne that this is an 
archive (a), to perform the operations in verbose mode (v) so we 
can see what is happening and to compress die data traffic (z). 
The -e option tells rsyne to use SSH as its communication 
protocol instead of ids own client/server protocol (which would 
require you to setup an rsyne launch daemon on your server.) 

For this to work in a script that runs unattended, you would 
need to create ssh keys and setup die authorizedjceys file on the 


remote host (see last months article) and ensure that the user you 
are using to connect with has permissions to read the files / 
directories in question. 

Mounting Remote Filesystems 

Another wonderful command line set of tools are die 
combination of MacFuse and SSHFS from Google. You can 
download MacFuse from 

http://eode,googlexom/p/macfuse/downloads/list and install on die 
machine you would like to connect from. MacFuse provides the 
File System in User Space (FUSE) environment originally 
developed for Linux. The FUSE system allows users to load and 
unload file system drivers on the fly rather than embedding them 
in the kernel or a kext file, SSHFS on die other hand is a 
pluggable module for FUSE that allows you to mount a remote 
file system over SSH as if it were local. Installing SSHFS is a little 
bit more complex and is currently only working in 32-bit mode 
(vs, 64 bit), though it works well. To install SSHFS, you need to 
download the binaries from 

htlp://o5xbook,com/downto0d/sshfs/sshfs‘stoticdeopard,gz or via svn 

Svn ct> http://macfuse.googlecode.cojTi/svn/triJnk/ 
filesystems/sshfs/binary sshfs- binaries 

Once downloaded you need to copy the sshfs-staticdeopard to 

a location in your path, for instance: 

sudo ep ./sshfs static-leopard /usr/sbin/sshfs 

sudo chmod 755 /usr/shln/sshfs 

Once in the path and executable you can connect to remote 

hosts using the a simple syntax: 
sshfs user@host:/path /mypath - 
oauto_cache p reconnect ,volnaroe^<volname> 

You will need to ensure that /mypath is a valid directory on the 
local filesystem. If you have setup SSH keys, it will just 
connect. If not, you will be prompted for the password for the 
remote system. Once connected, the remote filesystem can be 
seen in Finder or a shell and treated like any other network 
share. 
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Protecting SSH 

One last command line gem is DenyHosts, an open source 
project that tracks SSH logon attempts and stuffs potential hackers 
into your hosts.deny file automatically preventing them from 
trying to connect again. You can use this tool on Mac OS X or 
Linux and its freely available for download at 
http ://sourceforge, net/pro jeds/denyhosts/ 

Graphical Tools 

The graphical side of the SSH picture is even prettier than the 
command line tools, and 1 don t just mean the look and feel. 
Several developers have made some wonderful SSH tools that are 
either Freeware, Shareware or paid for software. File transfer 
software like Cyberduck, Transmit, Filezilla, Interarchy and most 
FTP graphical applications support SFTR This provides the ability 
to securely move files between your systems with a nice graphical 
interface. Super Flexible File Syncronizer from Super Flexible 
Software (hltp://www. superflexible.com/feataFes.htm) enables you to 
do graphical directory synchronization over SSH and other 
Internet protocols. 

YazSoft provides a utility called ShareTod 2, which allows 
you to see and connect to Bon jour advertised resources from 
anywhere in the world securely over SSH, For instance if you are 
in a hotel in Vegas you can access your shared iTunes library' back 
in New York and play some tunes or even watch a video (if tire 
bandwidth at the hotel can handle it.) Additionally they have 
written hooks so the Bonjour advertised resources show up in 
their respective applications as if you were still local to those 
resources. 

Virtual Private Networks & Remote 
Screen Sharing 

Remote access to multiple resources like a being able to 
screen share with any machine on a remote network (versus just 
one that you redirect a firewall port to) or being able to access 
any resource on that network as if you were In the office requires 
some tyj>e of secure remote connectivity, like the VPN provided 
by OS X. But using L2TP is cumbersome, especially at the remote 
end. Oftentimes, the required ports aren’t open and if you are at 
someone else’s facility or a hotel, for instance, then you won’t 
have the ability to open those ports, enter SSH based tools as a 
solution. 

Simple tunneling can he achieved with graphical software like 
and SSH Tunnel Manager (Freeware available for download at 
http://projects.tynsoe.org/en/stm/). Another application called 
Meerkat (Shareware) from Code Sorcery Workshop is one of my 
favorite SSH utilities. Why? Well Meerkat helps you to create SSH 
tunnels to remote hosts that send traffic from your local machine to 
the remote network via SSH. Though you can do this from the 
command line, Meerkat allows you to setup connections, and even 
triggers that start the connections automatically when you launch an 
application. Oh, and it is totally scriptable, reconnects disconnected 
sessions and supports SSH keys or keychain stored passwords. 
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Another freeware application called Secret Socks by an 
independent programmer (Joshua Chan) in Canada, allows you to 
setup a SOCKS proxy over SSH, providing remote connectivity to 
websites, ftp etc, from the proxy for any application that support 
SOCKS proxies (like Safari/) 

ChickenofTheVNC is a freeware utility that will allow you to 
gain access like Screen Sharing does to a remote graphical 
console on any platform that supports VNC connections (OS X, 
Windows, Linux, Solaris etc.) and has die capability of tunneling 
VNC over SSH for security and port simplicity' (all traffic runs over 
SSH.) 

OpenVPN and TunnelBlick provide an server and client 
combination for establishing an SSH based VPN (virtual private 
network.) OpenVPN can be installed from MacPorts on your 
server, though it will require some configuration file typing to get 
going (here is a decent how-to http://tinyapps.org/docs/openvpn/) 
but is very flexible. Once up you can install Tunnelblick on your 
client machines, which will create die virtual adapter and provide 
a nice graphical setup to connect to your OpenVPN server 

One question I gel often when teaching Support or Server 
Essentials is how an administrator can provide support via Screen 
Sharing to a set of Apple computers on a remote network. There 
are two methods I see used often and one 1 tested and started 
telling my students and clients about. You can use iChat and its 
associated screen sharing capabilities, or you can setup Apple 
Remote Desktop (ARD) on a machine inside the network and 
open the ARD ports to that machine so you can remote in, then 
remote to machines on die network. These are the two graphical 
methods. You can also punch a bunch of holes in the firewall and 
have each of the Macs answer Screen Sharing on a different port 
by changin their config files, or you can use an SSH tunnel to 
connect into the network then onto a host. None of these 
methods are optimal in corporate environments. iChat turns on 
the microphone and increases bandwidth by sending audio, since 
you are typically already on the phone with the person requesting 
support this is silly. Additionally, there is no way to turn down die 
color depth from the graphical interface to reduce bandwidth 
requirements. ARD via ARD is a challenge as you are screen 
sharing another screen sharing session. Tunneling is fine, but you 
need a runnel entry for each host on the remote network. So I did 
some research into a tool I have used often in remote Linux 
support environments called NoMachine or NX. 

NoMachine is another neat open source set of tools that 
allow you to remotely screen share all die machines on your 
internal network through a single entry point to your network. 
Currently there is no Mac OS X implementation of their server 
software though it is in development Why let that stop you? I 
installed NoMachine in 21 VMWare Fusion guest on the server and 
with a little configuration am able to use their OS X client software 
to connect to the NX server and through to all the machines in 
my office to provide fast remote screen sharing without having to 
do a ton of firewall tricks. You will need to setup a VNC 
password and enable the Screen Sharing and Remote Login on 
each machine you want to connect to, configure them as targets 
in NX and voila, instant support to an entire network over SSH, 
Additionally you can connect to Windows machines and even 

MAriKM 


Linux machines using the same NX server and OS X client 
software, (Note: XII is required on die client machine you 
connect from) 

Conclusion 

SSH has been around since 1995 and is still one of the fastest 
and most secure facilities for connecting to remote hosts and 
networks without 2 ton of effort or sacrificing security. With 
developers utilizing the OpenSSH framework to add additional 
features or tunnel their applications traffic over SSH, SSH and the 
associated tools diat use it will be around for a long time and as 
an administrator you should familiarize yourself with some of 
these wonderful little gems. r j . 
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Meet Cappucino 

Use your Cocoa skills to build 
stunning web applications 


by Johannes Fahrenkrug 


Introduction 

Web development can be a challenge. You need to learn 
multiple languages and technologies, like HTML, CSS and 
JavaScript. To build truly impressive applications, you even 
have to dive pretty deep into these technologies and master 
them. Wouldn’t it be nice if you could use your long-time 
knowledge of Cocoa that you have gained and perfected over 
the years to build web applications? That’s exactly what 
Cappuccino makes possible. 

What is Cappuccino? 

Cappuccino is a framework for developing desktop class 
web applications. It consists of 2 important parts: the language 
Objective-J - a re-implementation of Objective-C in JavaScript 
- and the Cappuccino libraries - a Cocoa-clone written in 
Objective-] (hence the dark, hot beverage inspired name). This 
combination of language and libraries runs in modern 
browsers without any plug-ins and creates to necessary HTML, 
JavaScript and CSS to execute your application. Just like a 
desktop application. Cappuccino only covers the client side of 
your development: Since the application is running in the 
browser, in most cases you will still need to use something like 
Ruby on Rails, Django, or PHP to build a server component 
that your Cappuccino application can communicate with to 
load and save data. 

All this might still seem kind of abstract to you. To really 
understand whaL a powerful piece of technology Cappuccino 
really is, the next paragraphs will show you how to install the 
tools and how to build your first Cappuccino app! 

Because Cappuccino is based on Objective-C, you should 
be familiar with Objective-C and the tools that surround it 
(Xcode, Interface Builder and so on). This article assumes that 
base knowledge. 

Installation 

To build the Cappuccino tools, you must have gcc 
installed. Since it is part of Xcode, you should already have it 
installed. Next, you need to check out the Cappuccino git 
repository or download it as a zip file from 


http://gifh ub.com/280norlh/cappucd no/zipbail/master. Unpack 
the zip file, open Terminal. app, change into the folder you 
just unpacked, and run the */bootstrap.sh script (you 
might need to run it as sudo, depending on your system 
setup). This will download and install all the required tools. 
You can safely accept all the default settings with yes or by 
pressing return. 

As a final step, you need to add the new binaries to your 
path. Do this by appending export 

PATH= Tf / us r/local/narwhal/bin; $PATH" to either 
your -/ .profile (bash) or -/* zshre (zsh) file. To activate 
these new r settings either open a new shell or run source 
-/ .profile (or ~/*zshrc), Now youTe all set to build the 
actual Cappuccino libraries: back in Terminal*app, run 
jake sudo-ins tall. That will take a little bit. 

Hello World 

A new Cappuccino application is created with the capp 
command-line tool which creates the basic directory layout 
with the necessary files and frameworks. The application we 
are going to build will be called imagesearch. Run this 
command to create it: 

capp gen —t NibApplication imagesearch 

The —t NibApplication switch tells the capp tool 
that you want a use a template for an application that has a 
user interface which you can edir in Xcode. Cappuccino 
cannot directly read nib or xib files. They first have to be 
convened into a eib file with the nib2cib tool. To do that, 
change into the image search directory 7 and run nib2cib 
Resources/MainMenu*xib. When you open index,html 
in the imagersearch directory’ in Safari after that, you 
should be greeted w r ith Figure L When you move the slider 
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back and forth the value in the text field should change: You’re 
first Cappuccino application works! 

^ ^ ^ cappjmage_&eandi_db 
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Figure 1. Nib-based, unedited Cappuccino application 


text Fie Id outlet. Then Ctrl-drag from the button to the 
AppController object and connect it to the say Hi action. Save 
it. 


Autosizing 



Figure 2. Autosizing attributes for the button 


Making Changes with Xcode 

Maybe you’re not quite convinced yet that the UI from 
MainMenu.xib Ls really being used. To erase those doubts, 
we will edit the UI in Xcode, Since Xcode 4 doesn’t allow you 
to define custom outlets and actions directly in Interface 
Builder anymore, the Cappuccino team has developed a tool 
called xcodecapp that sets up a dummy Xcode project for 
you to be able to easily edit your xib files. To use it, simply run 
xcodecapp inside the imagesearch directory without any 
arguments. You 11 now r change the application so that you can 
enter your name and be greeted when you click on a button, 
In Xcode (or a different editor), open AppController,j 
and edit it so that it ends up looking like Listing 1 
Listing 1: AppController.j 

©import <Foundation/CPObject,j> 

©implementation AppController ; CFObject 
{ 

©outlet CPWindow theWindov; 

©outlet CFTextField textField; 

I 


- (void) awakeFrontCib 

I 

[theWindow setlullBridge:YES]: 

1 


- (IBAction)sayHi:(id)send e r 
( 

alertC'Hi, “ + [textField stringValue] ) ; 

] 

@end 


The xcodecapp tool automatically picks up those 
changes so that we can use the new outlets and actions in 
Interface Builder, Next, dick on MainMemi.xib, select 
Window, and replace the slider with a button and set its 
autosizing attributes as shown in Figure 2. Now Ctr!-drag from 
the AppController object to the text field and connect it the 


When you reload index.html in your browser now, you’ll 
see the text field and the button. Enter your name and press 
the button and you’ll be warmly greeted by Cappuccino! 
Congratulations: You have written your first own Cappuccino 
application* complete with an action and an outlet. 

You see Lhat Cappuccino development is very similar to 
the Cocoa development you're used to. That’s why we don’t 
want to waste any time: A more complex app awaits! 

A More Complex Application 

The application that you will build next is a client for the 
Google Image Search API: Results will be displayed in a table 
on the left side of the screen and when a search result is 
selected, the image will be displayed in full size on the right 
side, (While typing this yourself is good practice and gets you 
more familiar with the tools, the source for this final 
application can be found at 

ttps;//g!ihub,com/jfohrenkrug/CappuccirfoCiblmageSearch,) 

Go back to Xcode and remove the button and the text 
held from the interface. Drag an NSSplitView to the window r 
and size and position it to fill the whole window and set its 
autosizing attributes as shown in Figure 3- 


Auto sizing 



Figure 3, Autosizing attributes for the split view, 
table view and image view 
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Then add a text field (auLosizing Figure 4) to the top left 
area of the split view and a table view (autosizing Figure 3) 
right under it. 



Figure 4. Autosizing attributes for the text field 


Name the left column of the table 'Title” and the right one 
“Size" In the inspector for the left table column set its identifier 
to title. Set it to size for the right column. Those identifiers 
are needed later for the CPTableViewDataSource delegate 
methods to determine which column to return data for, To be 
able to display the image, add an image view to the right half 
of the split view, setLing its autosizing attributes according to 
Figure 3. The interface should look like Figure 3 by now, 

^ H Window 


Tide Size 
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Corporate accounts from 

3 to 100 + users available Figure 5. The finished III of the image search application 
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Now we just have to create and connect the outlets and 
actions. To do that, we first have to define them in the 
AppController * j file as shown in Listing 2 (two extra 
outlets, two instance variables that we will need later on, and 
one empty action). 

Listing 2: AppController Outlets, Actions, and Instance 
Variables 


@implementation AppController : CPCTbject 

t 

©outlet CPWindow theWiodow: 
©outlet CPTextFIeld textField; 
©outlet CFTableView tableView; 
©outlet CPImageView image View: 
CPArray images: 
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CPData receivedData; 

] 

- {IBAction]searchr(id)sender 
{ 

I 

Back in MainMeniu xib, connect the AppController's 
taxtField outlet with the new text field. Then Ctrl-drag from 
the AppController object to the image view and connect 
it to the imageView outlet. Do the same with the table view, 
connecting it to the tableView outlet (make sure you really 
connect the table view and not the scroll view that surrounds 
it), Then Ctrl-drag from the text field to the AppController 
object and connect it to the search action. Finally Ctrl-drag 
from the table view to the AppController object twice to 
connect its dataSource and delegate outlets. The interface 
is done. 

The next thing we need is a data model to represent the 
search results. 

The Data Model 

The term "data model” might be a bit exaggerated in this 
case: We will only create one single class that will represent a 
single image of a Google Image search result set. To do that, 
we’ll create a file called Googlelmage. j in the 
imagesearch folder. You find the contents of that file in 
listing 3. You’ll notice that Objective-] doesn’t require a class 
to have an extra header file that makes everything a bit 


slimmer and easier. Now w r e just need to connect it all and 
execute the actual search. 

Listing 3: Googlelmage J 

©import <Foundation/CPObject,j> 

©implementation Googlelmage : CPObject 

i 

CPString title ©accessors; 

CPString unescapedUrl ©accessors; 

CPString tbUrl ©accessors: 
int width ©accessors; 
int height ©accessors; 


- (id)init 

C 

self = [super init]j 

if [self) 

[ 

title = 

unescapedUrl = @ HH< ; 
width = 0: 
height = 0; 


return self; 


/*! 

Initializes it with the data from a JSON Object 

*/ 

- (id] initFromJSONOb ject; (id)aJSONObject 
( 

self ■ [self init]: 
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alert("Please enter a search term!"); 


if (self) 

l 

// the html entities have to be unfcscaped 
var e = document * created lenient (* div'); 
e,innetHTML = aJSONObject•title$aFormatting; 
title = e.childNodes[0].nodeValue; 
unescapedUrl = aJSONObject.lines capedUrl: 
width = aJSONObject.width; 
height = aJSONObject.height; 

I 

return self; 

1 

- (CPString)size 

( 

return width + "x" + height; 

I 

i* i 

Returns an array of images built from an array of JSQN 
objects 

*7 

+ (CPArray)imagesPromJSONObjects;(id)someJSGNObjects 

I 

var images - [[CPArray alloc] init]; 

if (someJSONObjects) 

l 

for (var i”0; i < someJSONObjectfl* length; i++} 

I 

var image = ([Googlelraage alloc] 

initFrontJSONObject;somejSONObjects[i] ] ; 

[images addDbject:image]; 

1; 


return images; 


@end 

Bringing It All Back Home 

Similarly to Gbjective-C, you have to import source files in 
Objective-J. Tins is done with the @ import directive. To use 
our Google Image class in AppController, we have to add 
the line @import w GoogleImage«j" to the very top of 
AppController * j. 

The sayHi: method that we used in die original example 
can be deleted. The empty stub of the search: method has to 
be replaced with the search: method as shown in Listing 4. 

Listing 4: AppController: The search method 

(IBAction)search:(id)sender 

I 

var term - [textFie Id stringValuej ; 
if (term [term length] > 0) 

I 

var request = [CPURLRequest 

requ&stWithURL:'http://ajax.googlaapis.com/ajax/services/sea 
rch/images?v=l, 0&rsz=large&ijiigtype-photo6fq = * + terra]; 

[request setHTTFMethod:GET*]; 

receivedData = nil: 

[CPURLConnection connectionWithRequest:request 
delegate:self]; 

1 


else 

t 


I 


It reads the search term from the text field, makes sure that 
it isrit empty and then starts a CPURLConnection which 
queries die Google Image Search API and sets its delegate 
to self:, just like you know it from Cocoa’s 
NSURLCormection. The next step consists of adding the 
CPURLConnection delegate methods to 
AppController-j as shown in Listing 5. 

Listing 5 : AppController: CPURLConnection Delegate 
Methods 

- (void)connection;(CPURLConnection)connection 

didReceiveData;(CPString)data 

( 

if (!receivedData) 

receivedData ® data: 

else 

receivedData += data; 

I 

- (void)connection:(CPURLConnection)connection 

didFailWithErtor:(CPString)error 

r 

alert ("Connection did fail with error ; " + error) ; 
receivedData D nil; 

] 


(void)connectionDidFinishLoading:(CPURLConnection)aConnectio 
n 
( 

var res = nil; 
try 

1 

res - 

CFJSObjectCreateWithJSQN(receivedData).reaponseData.results; 

) 

catch(err) 

[ 

alert(“Error while parsing search results: " + err): 

] 

if (res) 

| 

images - [Googlelmage image sFrontJSQNObjects : res ]; 
if (images) 

[tableView reloadData]: 

else 

alert("Nothing found.”): 



The 3 methods save the received data in the 
receivedData ivar, display a message when an error 
occurred, and process the received data when loading has 
finished. The processing is simply done by turning die string 
we received from the Google API into a JavaScript data 
structure using the CPJSObjectCreateWithJSON function. 
From the responseDat a object of that data structure we then 
extract the results array. If that was successful, we pass that 
JavaScript array to the imagesFromJSONObjects: class 
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method of the Googlelmage class* thus creating an array of 
Googlelmage objects. That array is then saved in the images 
ivar. Finally, die table view is told to reload its data. In order 
for that to work, the table view expects two data source 
methods. Listing 6 contains these methods and one additional 
method—tableViewSelectionDidChange:—that is 
being called when a different row is selected in the table view. 
Listing 6: AppController: CPTabteView Data Source and 
Delegate Methods 

- (CPInteger)numb s rOf Rows InTab1e View:(CPTableView)aTableView 

I 

return images 7 images.length : 0; 

) 


■ (id)tableView:(CPTableView)aTableView 

obj ectValueForTableColumn:(CPTableColumn)a Tab 1eColumn 

row;(CPInteger)aRowtndex 

[ 

var i “ [aTableColumn identifier]; 
return [images[aRowIndex] 
perfomSelector :CF5electorFromString(i) ] : 

) 


■ (void)tableViewSelectionDidChange:(CPNotlficatlonjnote 

( 

var image = [images objectAtlndex:[tableView 
selectedRow]]; 

var u " [image unescapedUrl]; 

[imageView setImage:[[CPImage alloc] 
initWithContentsOfFile:ul]; 
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The first method returns the number of rows in the table 
view that corresponds to the number of elements in the 
images array. The second method uses the 
CPSelectorFromString function to create a selector from 
the column identifier that was passed in to identify which 
column data is being requested for (either title or size) and 
calls that selector on the corresponding Googlelmage object 
and finally returns the result. So this method either returns the 
title or the size of the image for the requested row r . The third 
method finds the Googlelmage object of the selected row and 
loads the corresponding image in the image view. 

That's it: The application is done! When you now reload 
index.html in your browser and search for “cappucdno.org" 
everything should look kind of like Figure 6. 
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Figure 6. The finished image search application 


Conclusion 

Cappuccino is a very powerful framework that lets you 
develop beautiful applications. You don’t have to learn a slew 
of new languages or technologies but can reuse and expand 
on your valuable knowledge of Objective-C and Cocoa, So 
what’s stopping you from porting your Cocoa application to 
Cappuccino now? 
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No Pane, No Gain 

Building a Preference Pane 
plug-in to integrate into 
System Preferences 

__ / 

Introduction 

Have you ever been curious about extending the System 
Preferences application on your Mac? System Preferences is the 
central location tor changing and fine-tuning a wide range of 
options, from display settings to networking to mouse settings, and 
everything in between. You've probably noticed that from time to 
time, the installation of a new application causes a new icon to 
appear in the System Preferences window. This is possible 
lxx:au.se Apple has architected System Preferences to accept 3^- 
party preference pane plug-ins, and in this month’s Developer to 
Developer, well go through the steps to construct our very own 
preference pane plug-in. As always, a reudy-tomn project is 
available on MacTedYs FTP site. 

Why Preference Pane Plug-ins? 

When developing a GUI-based application, we typically setup 
a preferences window that allows the end-user to control and 
customize settings. After the application terminates, the 
preferences are stored away in a file so that subsequent launches 
of that same application can consult and adjust to those settings. 
Usually, there is no need to adjust those settings when the 
application isn’t running. 

A preference pane plug-in, on the other hand, allows users to 
change settings outside of the scope of a single running 
application. Hence, the System Preferences application focuses on 
settings that are global in nature and affect the running of the 
operating system. When determining whether your application 
needs a preference pane plug-in, ask yourself the following 
questions: 

Does your application perform functions that affect die 
system as a whole? 

Is your application a non-gui one (i.e. launch daemon) whose 
settings need to be changed by die user? 


If die answer to either of these questions is yes, then in all 
likelihood, a preference pane plug-in is the correct venue for your 
needs. In fact, a common use of a preference pane plug-in is to 
provide some visual form of interaction for a daemon or other 
low-maintenance, non-GUI process running on die system. 

Before we launch full-scale into the process of creating a 
preference pane plug-in, let’s take some time to learn about the 
System Preferences application itself. 

System Preferences Then And Now 

On all Macs, the System Preferences application resides in the 
/Applications folder; it can lie launched from there, or quite 
conveniently, from the Apple menu at the top left comer of your 
main screen. 

Up to Leopard (10.5), System Preferences was a 32-bit 
application, and all preference pane plug-ins were also 32-bit. 
Starting with Snow Leopard (10.6), it became a 64-bit application 
that can accept both 32-bit and 64-bit plug-ins. When a 32-bit 
preference pane plug-in is encountered in 64-bit mode. System 
Preferences will relaunch itself in 32-bit mode to adapt to the plug¬ 
in. 

At tills point, all preference pane plug-in developers should 
lx* building both 32-bit and 64-bit versions of their plug-in. 
Building it in this way will ensure that the plug-in runs smoothly 
on both environments. 

Where Plug-Ins Live 

Preference pane plug-ins are special bundle files which live 
on your Mac’s file system. They have an extension of .prefPane 
and contain a number of files which we will go over shordy. All 
Apple-supplied preference pane plug-ins are In the 
/System/Library/PreferencePanes folder. If you’re 
curious, feel free to examine this folder, but be careful not to 
modify anything, since these plug-ins are part of the standard 
system install 

For 3 r< ^-party preference pane plug-ins, Apple has dictated 
that they reside in either one of two folders: 

/Library/PreferencePanes 

'/Library/PreferencePanes 

The first path is a global one: preference pane plug-ias that 
reside in diis folder will be seen by all users on your system. In 
general, this is the appropriate place for preference pane plug-ias 
to reside. However, as option 2 above indicates, they can also be 
installed inside of a user’s home folder, Here, the preference pane 
plug-in will only l>e seen by that user when he launches System 
Preferences. 

Installing A Preference Pane Plug-in 

The installation of a preference pane plug-in is quite simple. 
Just double-clicking on the file in Finder is enough to launch 
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System Preferences. At that time, the preference pane plug-in 
bundle will be examined and System Preferences will ask if you 
want to install the plug-in for die current user or for all users. 
Depending upon your answer, it will either copy the bundle to 
your home directory location, or the root location where aU users 
can view the plug-in. If you choose for all users to utilize the plug¬ 
in, you will need to type in the administrator password since the 
copy operation requires admin privileges. 
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Figure 1. System Preferences Installation Option 


Peeking Into The Code 

Now that we have explored System Preferences a bit, lefs take 
a look at the details of implementing a preference pane plug-in. If 
you haven 1 ! already done so, download the project source file 
D2DFrefPane.zip from the MacTech FTP site and decompress 
it on your hard drive, then open up the 
D2 DP re f P an e. xc o dep r o j file i n Xcode. 

The project consists of a number of source Files along with 
resource files such as icons and images. The following table lists 
each of them and explain their purpose: 

Table 1, Project files and their Purpose: 


File name 

Purpose 

D2DPref.h/D2DPref.m 

Ibis is the home of the D2DPref Objective-C 
doss. IMs subclassed from the 
NSPreferencePone doss and holds the code for 
our plug-in. 

D?Dlcon.png 

Ibis is the icon that will appear in the System 
Preferences application. 

MncTecfi.png 

Ibis is a graphic that will appear in a button an 
our preference pane plug-in. 

Info.plist 

the property list file that holds important 
information about the structure of our plug-in. 

D2DPref.xib 

The Interface Builder file which contains ihe 
visual layout of our preference pane plug-in. 
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Now let’s examine the central source file to this project, 
D2DPref .m. When developing a preference pane plug-in, you 
must have an Gbjective-C class that is subclassed from 
NS PreferencePane, and your subclass must implement the 
mainViewDidLoad method. This method Is the entry' point into 
your custom preference pane plug-in, and can contain any 
initialization code that you need to perform. Since our preference 
pane is simple, we currently do nothing here. 

A custom method that we have defined in this file is 
urlButtonAction: which is an action method for a button that 
exists in the preference pane. When the button is clicked, a 
browser will he spawned to take us to the website of our favorite 
magazine. 

Looking Into The Nib File 

Now open the D2DFref.xib file in Interface Builder. The 
File’s Owner for this NIB file is the D2DPref .m file that we just 
examined. Since D2DPref inherits from NSPreferencePane. we 
must hook up the ^window outlet to the PrefPane window' 
object within the NIB file. That is already done, but you can 
confirm by right-clicking on the File’s Owner icon to see that the 
connection is made. 

Double-click on the PrefPane object in the NIB file 
document and you will see that the object is an NSWindow with 
a single button in tile middle containing file graphic of our favorite 
magazine. If you examine the action outlet of this button, you will 


see that it points back to the urlButtonAction: method in our 
D2DPref class (which is the owner of the NTB file). So the 
expectation is that if we click on the button, it should invoke the 
action method that launches a browser and takes us to the 
previously indicated URL. 
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Figure 2. The preference pane window in Interface Builder 

There is something important to note here: the dimensions of 
the NSWindow are specific, particularly the width. Starting with 
Leopard, all preference panes are to be 668 pixels wide, somewhat 
larger than previous versions of System Preferences on Tiger and 
prior operating systems. The height can vary, but your NSWindow 
object should maintain a width of 668 pixels, as we do here. 
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Build And Go! 

Now here’s the moment we’ve all been waiting for. Switch 
hack to Xcode and build the project, Once it is built, locate the 
Products folder in the Xcode Groups & Files pane. There you 
should see the D2D,prefPane bundle. Double-click and it will 
launch System Preferences with the dialog box asking how you 
wish to instill 1 the plug-in. For now T simply install it for yourself 
only System Preferences then copies the bundle to your home 
directory’s Library/Preference Pane folder and launches the 
plug-in. You should now r see the MacTech button sitting solitary 
in the middle of the pane. Go ahead and click if it should take 
you to the MacTech website. 

Summary 

This month, we've examined die operation of the System 
Preferences application along with its plug-in architecture. From 
them we successfully built a preference pane plug-in from die 
provided Xcode project and installed it on our system. 

One Issue that hasn't been addressed thus far is that of 
security. Depending upon the application, there may be times 
w r hen it is necessary to access or even modify files that belong to 
root. Next month, we’ll extend our preference pane plug-in with 
authentication services and the ability to run external commands 
as root. Well also dirow r in some odier nifty tid-bits about 
preference pane plug-ins and discuss how to use the Xcode 


debugger to debug your plug-in. Until dien, 1 suggest reading die 
documents in die bibliography below to expand your knowledge 
of preference panes. Until next month, have fun? 
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Scripting Automations in 
Windows for Mac OS X 
Administrators 


by Charles Edge 


Introduction 

To minimize the Total Cost of Ownership (TCO) of large 
numbers of systems requires some form of customization- Such 
customization may come in the form of scripting simple tasks, 
automating complicated procedures and usually includes 
building bridges between disparate systems using the APIs 
available for those systems. 

The growth of Apple in large environments means that 
there are more and more enterprises looking to adopt a 
platform that allows the enterprise to not only provide services 
similar to how they are provided for oilier platforms, but also 
allows the enterprise to centrally manage the client computers. 
The Enterprise Desktop Alliance (EDA) has developed a 
strategy for leveraging existing Windows Server administrators 
and infrastructure in order to provide command, control and 
connectivity services to Mac OS X clients. The EDA includes 
Absolute Manage, Cemrify, GroupLogic, IBM and 
WebHelpDesk, all able to run on Microsoft Windows Server 
2008 R2. Each of these vendors fills a very specific void for 
managing Mac OS X: 

Absolute Manage: Change, configuration and patch 
management 

Centrify: Extending group policy objects to enable Active 
Directory-based management and a directory services plugin to 
ease the transition to Active Directory 

GroupLogic: Native Mac OS X file services hosted on 
Windows Servers 

IBM: Web and groupware services as well as highly 
available Windows Server hardware 

WebHelpDesk: Trouble ticketing and inventory 
management 

This ecosystem provides systems that work very well 
together, or independently, maximizing the efficiency of staff 
and giving administrators repeatable, highly available, well 
documented and vendor supported infrastructures. The EDA 
has run 3 previous articles in MacTech Magazine, outlining 


options for replacing the Xserve with Windows Servers now 
that Apple no longer provides rack-dense solutions. This allows 
administrators to run their most critical and important services 
that enterprises need, even w r hile the Xserve is deprecated. 
These articles included: 

January 2011: Centralized Mac Home Directories on 
Windows Servers 

February 2011: Imaging and Fateh Management using 
Windows Servers for Mac OS X Clients 

March 2011: Implementing Pile and Print Services for Mac 
OS X using Windows Servers 

April 2011: Large Scale Mac OS X Client Management Using 
Windows Servers 

In this, the 5th installment of the EDA series on moving 
from Mac OS X Servers to Windows Servers, we wall look 
further at Extreme Z-IP, Absolute Manage, Centrify and 
WebHelpDesk. Our focus this month will be on extending what 
these products can do in order to tailor them to your unique 
environment. We are moving beyond the graphical options that 
the vendors provide and into more of a command line and 
scripting environment. 

As we have been showing throughout this series of articles, 
the move from Mac OS X Server to Windows Server can be less 
cumbersome than many previously thought. The platform is 
considerably more scalable, with virtualization end-to-end and 
true high availability options. And in many environments, Active 
Directory has been integrated for years and so administrators 
are already well versed in Windows Server administration 
basics. The impact of replacing systems on existing middleware 
components though, can be amongst the most impactful. In this 
article we will take a look at some common automations that 
have been built for Mac OS X environments and look at ways 
to port them over into Windows server environments so that 
organizations can have the level of rack density, failover and 
scalability that they require while lessening the amount of 
scripting that is required. 
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No discussion of building network infrastructures to scale 
can be complete without discussing middleware. This is 
because most solutions fit within an organization to solve a 
specific pain point. Middleware allow administrators to 
interconnect and customize various solutions in such a way that 
the whole is much greater than each part. The customizations 
save time, increase productivity and allow each component to 
be built in such a way that it can scale in ways it otherwise 
could not. 

Every environment is different. As such, every environment 
has different needs. Most organizations will need multiple 
solutions and these solutions have different features that each 
organization will customize in ways that make sense for them. 
But often times, the solutions will not communicate with other 
solutions meaning that administrators have to do entry into 
different solutions manually. 

For example, let’s look at a typical school environment. 
Each student, when enrolled, is entered into a student 
information system. The student is then entered into a directory 
service, such as Active Directory or Open Directory. Once 
entered, the student has a profile created for them and has a set 
of policies applied to their account. The student is also placed 
into a group or multiple groups, based on grade, school they 
attend, etc. The student may have an email or groupware 
account created for them as well as he entered into a course 
management system. Each year that the student attends the 
school their grade will change and according to how the 
systems are setup they may move between different groups 
(e,g. elementary school, then junior high, then It) 1 * 1 grade, then 
11 , then 12 1 * 1 and ultimately archived). 

If a school has a lot of students then this can result in a 
massive amount of work for administrators. However, provided 
that a consistent user experience is needed, a few scripts can 
result in drastic reductions in the amount of time spent 
managing students. This can include automatically creating the 
user in die directory service, assigning group membership, 
allocating a computer (as is common in a 1 to 1 deployment) 
and even archiving the student when they have graduated or 
transferred. This type of automation allows a small number of 
administrators to manage even large districts. 

Exposing the API 

Middleware makes administrators more efficient. But the 
capacity to script the middleware is dependent on the APIs 
made available from software vendors. An API, or Application 
Programming Interface, is comprised of the tools and other 
resources a vendor makes available to extend its software. The 
vendors comprising the Enterprise Desktop Alliance each have 
a number of automations that commonly revolve around their 
solutions to aide when managing die lifecycle of systems. 

In order to integrate the Web Help Desk with other 
applications, HTTP interfaces are provided to log clients into 
the application (skipping die login page) and to create tickets* 
The Web Help Desk links can then be accessed from other 
solutions, automatically generating tickets. Administrators can 


also edit the Web Help Desk database directly, aldiough when 
it is possible to augment a solution using an API to accomplish 
a given task, it is always preferable to do so over editing the 
solutions back end directly 

The Centrify DirectControl API allows administrators to 
control zones and NIS maps. Zone control includes 
programmatically creating, editing and deleting zones within 
Centrify as well as adding users and groups to these zones. This 
allows administrators to bolt Centrify into other solutions, such 
as Student Information Systems, Identity" Management Systems 
and even other middleware components already in use and 
development* 

The Centrify DirectControl API provides standard Windows 
COM objects that convert Active Directory application objects 
into Centrify-enabled UNIX user, group, computer, and zone 
objects. These are packaged in the DLL (Dynamic Link Library) 
that is distributed with the DirectControl SDK. Documentation 
for the API can be found at 
http;//www, cerberisxom/i mages/produiis/techFiles/Centrify- 
DirectControl-4-Programmer-Guide.pdf, 

ExtremeZTP has a mature and full-featured API whereby 
almost complete control of the application has been exposed 
by the API. Using the API, it is possible to create, edit and delete 
print queues and file shares within ExtremeZ-IP. There are a 
number of different ways to interact with ExtremeZ-IP 
programmatically, but none is easier than controlling the 
options exposed in the EZlPUTIL.exe command line options. 
But given that for every scripter there is a different way of doing 
things, ExteremeZ-IP has also provided access via C++, WMI 
and even a web services API. Later in this article we will look 
at using the command line in a scripted workflow and provide 
links for accessing even more information as needs progress. 

Absolute Manage can also be accessed using an API of 
sorts. Primarily, interacting with Absolute Manage will take form 
of reading data from a MySQL database, allowing administrators 
to query information indirectly from Absolute and leverage the 
output of those queries in other scripts and data structures. 

Controlling Client Computers 

Absolute Manage has registered the lanrevagent:// handler 
when the Admin installer is installed. The syntax for invoking 
lanrevagent is similar to calling up a web page or an AFP 
mount, except here you define die command, followed by what 
exactly to run that command against. The command to remotely 
control a host is remotecontmlagent. The easiest way to indicate 
an agent to be controlled is to define a eomputername that the 
agent can control, done by following the remotecontrolagent 
command with ?computername=<the actual computer 
name to be used>. When defining eomputername, you 
will need to replace any special characters with their URL 
encoded representation (e.g. - for a space that would be a 
%2GL This is really actually very straightforward. To control a 
computer named Charles Edge MacBook Air, you would use the 
following URL from a browser: 
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lanrevagent: //remotecontrolagent?cotnputername = Charles%20Edge% 
2 OMa cBo o k%20AIr 

Or simply use the terminal command: 

open 

lanrevagent: //remotecontrolagent7coinputername=Charles%20Edge% 
20MatBook%2OAir 

Using the open command allows for variable substitution, 
which makes this yet another addition to the possibilities 
surrounding automating administration tasks through help desk 
software without having to expose passwords to intermediate 
administrators. Provided that host names are in synchronization 
between servers, you then have the ability to invoke commands 
against Absolute Manage using other products as part of your 
management lifecycle or some form of middleware. 

To restart the Absolute Manage service, 

net stop "LANrev Server'* 

Followed by: 

net start “LAErey Server" 

On the server, administrators can also start and stop the 
Absolute Manage Agent and Absolute Manage Server in 
Windows using the Windows Services applet or do so 
programmatically with a registry edit. To restart the Agent or 
Server (and therefore reload configuration data), the Trigger 
registry key would need to be set to 1. These are located in 
HK£Y_LOCAL_MACMlNE\Software \ Pole Position 

Software\LANrev Agent\Triggef and 

HKEY_LOGAL_MACHINE\Spftware\PoIe Position 

Software\LANrev Server\Trigger registry keys for the Agent and 
Server respectively 

ExtremeZ-fP can also be started and stopped 
programmatically To restart ExtremeZ-IP: 

net stop H ExtreraeZ-IF" 

Followed by: 

net start “ExtremeZ-IP'' 

But service control is only the beginning of what can be 
done using the command line when controlling ExtremeZ-IP. 
Shares, printers and server settings can also be configured. 

Creating Shares Programmatically 

Windows and Windows Servers have a command line 
environment similar, albeit far less functional from a scripting 
perspective to the shell environment in Mac OS X. Scripts, 
known as batch scripts can then be written to automate basic 
functionality in Windows Servers. While you can do.a lot with 
PowerShell or WMI, batch scripts are simple and quick to write 
and execute. For administrators already familiar with Python, 
Ruby, Perl and other languages more native to Mac OS X, those 
can all be used in Windows as well ExtremeZ-IP can be 
controlling using the EZIPUTIL command. This is similar to how 


the serveradmin command can be used to set global settings in 
Mac OS X Server. For example, to start the server services, the 
SERVER option can be used in conjunction with the /START 
switch: 

EZIPUTIL SERVER /START 

The SERVER option can also be used for a number of other 
tasks, such as obtaining a list of files in use through ExtremeZ- 

IP: 

EZIPUTIL SERVER /FILES 

Or to see which users are currently logged into the system: 

EZIPUTIL SERVER /USERS 

The SERVER option is for controlling global information 
about the server. The VOLUME option can be used to create, 
edit and delete shared volumes through ExtremeZ-IP, much as 
the sharing command can do so in Mac OS X Server. As shown 
in previous articles, there are a number of settings that can be 
used for volumes. Each of these is available using the EZIPUTIL 
command. The following are a few switches for shares that are 
available from the EZIPUTIL command. 

/ADD - Creates a new shared volume 

/EDIT - Edits an existing shared volume 

/NAMErvolumename - Configures Lhe shared volume's 
name 

/PATFhroot directory path - Sets the path of the file system 
that is shared out 

/READONLY:TRUE | FALSE - Makes the share read-only 

/GUESTSALLOWEDTRUE| FALSE - Allows guest access to 
the share 

/PASSWORD:password - Enables volume-based passwords 

For example, to create a volume for a path of 
c:\SHARED\ACCOUNTING (the /PATH switch) where guests 
are not allowed (the /GUESTSAILOWED switch) where Time 
Machine volumes are allowed (the /lS_TM_VOLUME switch), 
the following command would create such a share: 

EZIPUTIL VOLUME /ADD /NAME:ACCOUNTING 

/PATHic: \SHARED\ACCOUNTING /GUESTSALLOWED:FALSE 

/iSJKLmUME 

Scripts leveraging lhe EZIPUTIL command can then be 
crafted to perform a number of tasks, such as automatically 
creating a share for each user as users are created in another 
system, creating shares for specific groups and even deleting 
shares at the end of their lifespan as part of a Information 
Lifecycle Management policy. 

The third and final option provided by the EZIPUTIL 
command is the PRINT option, which surprisingly allows for lhe 
management of print queues. PRINT has the same basic 
switches in /ADD, /EDIT, etc. But the other switches are 
specific to managing printers. A sampling includes the 
following: 
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/PPD - Allows providing a PPD to supply Mac OS X clients 
with a driver 

/PPD_ON LY_FROM_SER VER :TRUE | FALSE - Forces clients 
to only use the PPD provided by the server 

WINDOWS - Queues are available as standard Windows 
printer Queues 

/PRINTER: printer 

LPR - Queues are available as LPR 

/HOST: host - 

/QUEUE: queue 

in the following example, we will create a printer from the 
command line, using an existing printer installed in Windows 
called Finance ^LaserJet This printer will have the same queue 
name through ExtremeZTP that is used to connect Windows 
users and will require Mac users to download a PPD in order 
to use it that is stored at c:\Drivers\PPDs\LaserJet_P4041n 

EZIFUTIL PRINT /ADD /METHOD:WINDOWS 
/PRINTER:Finance_LaserJet /PPD: 

c:\Drivers\PPDs\LaserJet_P4041n /PPDJ)HLY_FROM_SERVER:TRlJE 

To find more information on these, you can use the 
EZIPUTLL command Followed by the HELP verb: 

EZIFUTIL HELP 

While administrators can use ExtremeZ-lPs command line 
tools to create shares, it can be somewhat unwieldy to leverage 
a share per user for creating home directories, and so 
administrators often use a share for a group of users and create 
folders for each user based on, for example, Active Directory 
group or Organizational Unit membership. 

Automated Policy Management 

Visual Basic is a language that is often used for automating 
basic tasks in Microsoft Windows Server environments, Visual 
Basic is similar in many ways to perl or python and can be as 
simplistic or complicated as each task that needs scripting. This 
section of the article isn’t a guide on writing Visual Basic scripts, 
a topic many full books currently explore. Instead, this section 
of the article is meant to showcase how to do a few basic tasks 
that Mac 05 X administrators have been doing with scripts in 
Mac OS X environments for years. 

Managed preferences allow for policy-based management 
of Mac OS X clients, In previous articles, we looked at 
leveraging Centrify to provide such management, Centrify, as 
mentioned earlier in this article, also allows for a programmatic 
interface. The interface is available in VBScrpt, ] Script, and 
.NET via the Centrify SDK (CentrifyDC_SDK-release-win64.zip), 
available at Centrify.com. 

Installation of the SDK is straightforward, choosing the 
default options at each screen. Once the SDK has been 
installed, a number of methods to w r ork with Centrify will be 
available in Visual Basic. For example, the following can be 
used to output a list of users that are in a given zone. This is 
done using the dms.getzone method from the Centrify SDK. We 


will also use a for loop, looping through all of the users in the 
zone and ultimately echo the output: 

set zone = cims.getzone( 44 krypted.com/program data/ 
centrify/zones/defau 1C) 
for each user in users 
wscript.echo user.name, user.Uid 
next 

The output would provide short names followed by unique 
IDs for users, as follows: 

ledge 10038 
cedge 10039 
eedge 10092 

This is a very simplistic script, with much more being made 
available by Centrify as part of the SDK, A script like this could 
be used to quickly query for all of the users that have a given 
set of settings and using other methods it would be possible to 
add users to zones or augment their directory data with 
information specific to Centrify. 

Creating Folders Within Shares 

As we’ve shown in previous articles in this series, Active 
Directory, using Centrify, can provide the necessary back-end 
infrastructure for centralized home directories without any Mac 
OS X Servers, One of the more common tasks that needs to be 
scripted during directory services migrations and during the 
setup of new users is to create the folders that these new and 
migrated users w ill use when logging into accounts. 

The User Home Creator script, seen below, showcases how 
to work with the FileSystemObject object and its CreateObject 
method, which can be used to (as you can probably guess) 
create an object on a filesystem. In VBScript, creating an object 
is done in a single line (it is common Visual Basic practice to 
prefix objects with obj and strings with str), Here, we can create 
a FileSystemObject called objFSO: 

Set objFSO ” CreateObject(“Scripting,FileSystemObject") 

We would also create a network object (which we call 
obj Network), We then create an array of a collection of items 
queried from a given Organizational Unit (here, specified as 
Users) in Active Directory and then loop through those items 
and create a directory if one does not yet exist. Finally, we call 
on Wscript.Shell to run a shell command, using the SetACL.exe 
executable to change the permissions on the folders that we 
create. 

User Home Creator 

‘Create cur FileSystemObject and our Wscrlpt.Network object 

Set objFSO = CreateObject ("Scripting.FileSystemObject'') 

Set objNetwork = CreateObject("Wscript,Network") 

f Create an array of users in the OU 

Set colIterns = GetObject _ 

("LDAP: //ou=Users f dc=318 ,dc=cont") 
colltems,Filter = Array("User”) 
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'Loop through the array, read the user into strUser and the 
path to the homes into strDest,, creating the folder and 
generating permissions 

For Each objltem in colltems 

strUser = objltem.sAMAccountName 

strDest = “\\afpQ3,318*cojn\ham.es\" & strUser 

Set objFSO - CREATEOBJECTC"Scripting.FileSystemObject") 

IF Not objFSO,FolderExists(strDest) THEN 

Set objFolder = objFSO,CreateFolder(strDest) 
strDest = H \\afp03.3I8.comVhames\ n & etrUEer 
Set DhjShell = CreateObject(“Wscript,.Shell") 
objShell.Run (*\\\\afp03.313.com\netlogonWSetACL.exe 
-on & strDest A -at file -actn ace H & “-ace 
Sf,p n:AD\" & strUser & ";prfull*" M ) 

ELSE 
END IF 

Next 

This script shows off the access to objects, IF/THEN and 
arrays, There are likely more elegant ways to perform these 
actions, but overall this shows basic functionality of the Visual 
Basic scripting environment in a way that is beneficial when 
creating network directories to be used for mobile homes. 


Bridging Applications 

Absolute Manage allows other systems to view its data in 
the form of an exported MySQL database. Absolute Manage 
stores its data in SQLite, rather than MySQL, but administrators 
should not interact directly with the SQLite database (it is not 
made available for network access anyway). Instead, data can 
be made available via MySQL for other applications using an 
ODBC export for MySQL, That's essentially a one-way street; 
inventory data goes out but it doesn't come in, 

Web Help Desk has a built-in discovery connection that 
can use information from die ODBC exported MySQL data to 
create asset entries to keep administrators from having to 
perform double entry. Bringing Absolute Manage data from 
MySQL into Web Help Desk to create new asset entries allows 
administrators to view inventory details about client's in 
Absolute Manage admin to initiate a remote control sessions 
using a link from Absolute Manage in die Web Help Desk 
console. 

To get started, first install and configure a MySQL server 
that will be connected to by Web Help Desk. Then create a 
database in MySQL to host the inventory data. Once there is a 
database on the server that can accept the ODBC export, install 
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Figure 1 - Creating an ODBC export. 
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the MySQL ODBC driver on the Absolute Manage server To do 
so 

Open the Absolute Manage Admin application on the 
Absolute Manage server 

Choose Server Center from the Window menu. 

Click on Server Settings in the side bar. 

Click on the ODBC Export tab. 

Check die box for Enable ODBC export tab. 

Provide details for the ODBC connection: 

Data source name (DSN): 

Database server address: The address of die server in 
question. 

Database name: The name of the database on the server. 

Database username: The name of the user configured to 
authenticate to the server. 

Database password; The password of the user that has 
been configured. 

Database password verification; The password of the user 
a second time for verification, 

Export interval: The number of minutes between database 
exports. 

Once the required information has been provided, open 
MySQL and verify that the databases have exported as intended. 
Provided that they have, it is then time to integrate a 3 r< ^ party 
with the database. There isn’t currently any public 
documentation of the MySQL database structures. But generally 
the foreign key columns are consistently named 
<base_tabie_name>_record_id, where <base_table_name> is 
the name of the table that the foreign key references. Within 
this table, the foreign keys generally reference the “id” column. 
For example, the hardware Jnfo.agentJnfo_recordJd is a 
foreign key referencing agentjnfo, id. 

There are a few exceptions to this rule. The base table for 
all computer-related tables is die agentjnfo table, all other 
tables relate to this table using the 'agentJnfo_recordJd 1 
column as a foreign key referencing 
agentjnfo, id. Some columns are 
enumeration values, in which case the 
value relates to a corresponding 
enumeration table. Enumeration table 
names have a prefix of “enumj and a 
postfix that loosely relates to the 
column name in the table containing 
the enumeration values. For example, 
a ta_in fo, Devi ceTy pe -> 

enum_ATADeviceType and 

age ntjnfo, Ag entP latform -> 

enum_AgentPlatform. The names of the 
custom fields can be associated with 


the custom field values as 

agent_custom_fields,FieldID=custom_field_names.id. 

The other groups of records that have independent 
relations include: 
iPhone records: 
iphone Jnfo is the base table 

iphoneJnstaIled_softwareJnfo relates to iphone Jnfo. id 
using the iphone_infoj:ecordJd column 
Software distribution: 

sd_packages contains package descriptions 
sd_payloads contains package payload descriptions 
sd_groups contains computer group descriptions 
sd_staging_server contains staging sewer descriptions 
sd_di$kimages contains disk image descriptions (disk 
images for software distribution purposes) 

sd_metapackages_packages lists the packages contained in 
the metapackages 

sd_groups_packages associates sd_groups with 
$d_packages 

sd_groups_agents associates sd_groups with agentjnfo 
records (for plain computer groups) 

sd^groupsjstaging_servers associates sd_groups with 
sd_staging_server records 

sd_installation_status contains installation status info and 
references sd_packages via 

sdjnstallation_statu 5 .sd_package_recordjd=sd_packageid 
License monitoring - tables having an IcJ prefix, e.g, 
lcjicensejspeqs contains the license specifications, 
lc_groups_specs relates sd_groups to lcjicense_specs records, 
etc. 

Administrator setup and assignment - tables “admins” and 
all tables with an “admin_” prefix where “admins" contains the 
admin is LraLor accounts: 

admin_apppointments contains the definitions of the 
appointment groups 
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Figure 2 - Web Help Desk install 
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admin_appointment 5 _admins associates admins with 
appointment groups 

adm i n_appoint ments_agent s associates computers 
(agentjnfo records) with appointment groups (for plain 
appointment groups only), where this relation is done through 
the agent serial number instead of agentjnfo. id, i.e. 
admin_appomtments_agents,AgentSerial=agentJnfo.AgentSeria 
1 

admin_groups contains administrator group definitions 

admin_groups_admins associates admins with admin 
groups 

In this case, we will look at using our data to populate Web 
Help Desk, which can pull client inventory data from the 
MySQL inventory database. To do so, configure an asset 
discovery connection with the correct access settings to connect 
to Web Help Desk. First, install Web Help Desk, following the 
default settings during die installation process. Then, open the 
Web Help Desk directory within /Applications and open the 
Start Web Help Desk application. 

Next, from within Web Help Desk: 

Click on the Setup Icon. 

Click on Assets (assets is only available in the Full version, 
so for environments running the Lite version, a switch will need 
to be made to the Full version). 

Click on Discovery Connections, 


Click on New. 

Provide connectivity information for MySQL: 

Connection name: A friendly name for the connection. 

Discovery took Set to Absolute Manage (LANrev). 

LANrev MySQL Database host: The address of the MySQL 
server. 

Port: Tile port diat MySQL runs on. 

Database name: The name of the database provided in the 
earlier pan of this article. 

Username: A username with appropriate access to the 
database that was created earlier in this article, 

Password: The password provided in the Username field. 

Include Virtual Machines: Choose whether virtual 
machines should be included in the import. 

Auto-sync Schedule: Set a schedule to perform imports, 
allowing administrators to import database content 
automatically. 

Ignore Black Discovered Values: .Allows for manual editing 
once data has been imported into Web Help Desk. 

Client Relationships: Determines how users and computers 
are associated. 

When Assets Are Removed: O' set to Delete Asset then as 
assets are removed from the Absolute database so to shall they 
be removed from Web Help Desk. 
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The discovery tool should then propagate the machines 
from the intermediary database that was created at the next 
scheduled sync. In this example, we were able to interconnect 
two solutions without writing any scripts. We were able to do 
so because it is a common practice, where both vendors saw r it 
fit to interlink their solutions. Web Help Desk is also able to 
import data from Apple Remote Desktop, JAMFs the Casper 
Suite and Microsoft’s System Center Configuration Manager 
(5CCM). User accounts can also be imported into Web Help 
Desk using the LDAP Connections option listed under the 
Clients menu. Once data has been imported into Web Help 
Desk, administrators can then look at programmatically 
interfacing with Web Help Desk to create tickets. 

Automated Ticket Management 

Web Help Desk is trouble ticket management software that 
runs in Mac OS X, Windows Server and Linux environments. 
When using Web Help Desk, it is possible to bolt 
interoperability with databases and other solutions in by 
injecting information into URLs or leveraging emails that the 
server picks up and takes action on. This API functionality 
allows administrators to build middleware around the exposed 
features for such activities; logging into the database and 
creating tickets. 

In the following examples, we will be using a server that 
we will call middleware.enterpri.sedesktopalliance.com, To 
simply bring up the login page, a script can call up the URL of 
the server, or when followed 

hy/helpdesk/WebObjects/Helpdesk.woa/wa/login, other 
information can be injected into the URL, For example, this 
could be put into a script by using an open command along 
w ith the URL, a username (in this example cedge), a password 

(in this exampieSuperSecret); 

□pen 

http ; //middleware. enterprisedesktopalliance, cous/helpdesk/WebO 
bj ects/Helpdesk, woa/va/ login? usernatne“ced ge&pas sword”SuperSec 
ret 

Note: While we embedded the password in the a hot e 
command for simplicities sake ; more logic could easily be added 
in a script to call the password from keychain or another more 
secure location, which would be much more appropriate in a 
production environ merit . 

A common use for something like the above would be a 
Mac OS X menu item for an organization that loads up a site for 
creating tickets. But it is important to note that authentication is 
required for each URL sent. Therefore, administrators scripting 
against Web Help Desk will want to assume tasks wall t>e 
performed on behalf of a common user, tin issue in some 
environments, in addition to simply authenticating users to the 
server, scripts can also be used to generate tickets in Web Help 
Desk. 

To create tickets, the /helpdesk/WebObjects/- 
Helpdesk.woa/wa/createTicket will be appended to the base 
URL, Looking at the previous URL, the options that are provided 


begin with the question mark (?) and are separated by 
ampersands (&). The options allowed include the following; 
User Settings; 

email: End users email address 
Iast_name: End user's last name 
flrst_name; End user’s first name 
user_name: End user’s user name 
passw-ord: End user's password 

location: location of user {if none is provided then the 
default location of the user is used) 

department; user's department name (if none is provided 
then the default department for the user is used) 

Ticket Setettings: 

prohlemjd: Ticket problem type id number (integer for 
PRO B LEMJTYPE) 

priority_id: Ticket priority id number (Integer for 
PRIORITY_TYPE) 

subject: Ticket subject 

detail: Information to be placed into die ticket problem 
detail text field 

id: customerJd number (if using the hosted Web Help 
Desk, an organization ID will also be required, otherwise an 
option) 

If a script attempts to create a ticket for a user who does 
not exist then the user will be created. In this case one should 
always try to provide an email address, although an account can 
he created even if there is no email address. This allows the 
automated creation of users using a looping script to, for 
example, create a ticket for them to provision their Web Help 
Desk accounts. 

Creating tickets is one of the more important tasks though. 
To do so is straightforward Simply use die same structure as the 
previously used command and make sure to use Unicode 
appropriate characters (spaces are not allowed). The following 
command would create a new ticket for Charles Edge, at my 
home, with an email address of 
enduser@enferprisedesktopaIliance.com with a prohlemjd of 2 
and a priorityjd of 4: 

open 

http: //mydotnain. cWhelpdesk/Webpbjects/Helpdesk ■ woa/va/creat 
eTi cket ? p ro b 1 i d=2 r i orit y_ i d=4 & su b j ec t =New%2 0 Lap t op &d e t a i 
l“Ky%2 0Windows%20Mel baok%20is%20hea vy&emai l=enduse r@ent e rpri s 
e d t o p a 111 ant e. t otn& f 1 r a t_n ame=Cha r 1 e s & Iaat_n ame=Ed g.e& 1 o c a t i 
on^Home 

We were again using the open command; however, the curl 
command could also be used. Keeping the entire transaction 
within a scrip! and not actually opening a browser window is 
often times best w r hen working with these sorts of tasks so as 
not to confuse users. Additionally, perl, python. Visual Basic, 
.Net and practically every other scripting environment is going 
to allow handling LTRLs in a far more graceful manner than 
using the open command (but it makes for a easy example). 

Once created, the client’s ticket liistory page is returned, 
with a message acknowledging the new ticket. This message 
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could be used to generate a response either to a script or to an 
application. If an error occurs the login page is returned, with 
a messaging describing the error. If the specified e-mail address 
cannot be found in die CLIENT table, an attempt is made to 
create a new client account (see notes below). 

Conclusion 

Most software packages used by Systems Administrators 
have an API of some sort. Those referenced in this article are 
interacting with Web Help Desk, Centrify. ExtremeZ-IP and 
Absolute Manage using different methods in order to showcase 
the different features of each. However, what we have done is 
really only the tip of the iceterg. There are no limits to what 
you can do when it comes to extending the functionality of 
software when there is a strong business case for doing so. 

When costs are justified, many will look at Lhe least 
expensive options for scripting. Expense can mean a variety of 
things. It can mean, expense in terms of CPU or RAM 
utilization, it can mean expense in terms of time required to 
program a given solution or it can mean expense in terms of 
actual cost. These three do no always line up accordingly. But, 
you will often find that coding something in bash is going to 
come with limitations, both in terms of scale and resource 
utilization faster than going more direct to the application, as is 
made possible by writing a tool in WM1 or PowerShell. Having 
said this, WMI or PowerShell are going to have a far steeper 
learning curve, 

Whichever you choose, take these examples and build on 
them. If features that you need aren't referenced, review the 
documentation links provided or contact the vendor and let 
them know what you would like to do and see if someone else 
has already done it. While we discussed throughout this article 
the fact that environments are often very different, it just so 
happens that rarely are any of us going to try something that 
hasn't been done before. If something has been done, Lhen 
there is no reason to reinvent the wheel Take that time you 
would be doing so and have a little fun. You deserve it (if only 
for having made it all the way through this article). 


Jill 
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The SQLite DB and iOS 


How to use SQLite on your iPhone and iPad 
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Introduction 

This article will show you how to use the SQLite database 
from a UNIX shell and how to program it for iOS applications. 

Because the programming interface to the SQLite database 
is written in C and Objective-C is a superset of C, it is easy to 
make use of .SQLite into your iPhone projects. 

After reading this article, you will [>e ready to understand 
the advantages of SQLite3 and programmatically use the SQlite3 
database either from the UNIX command line or your iOS device. 

At the time of writing this article the latest SQLite version is 
3.7.3 and the latest Mac OS X version is 10.6.5, 

Introduction to the SQLite DB 

SQLite does not offer authentication or authorization. UNIX 
file permissions (using the chmod command) are used in order 
to determine the three SQLite-supported access levels: read/write 
access, read access and no access. 

Also, SQLite is not suitable for very large datasets even 
though modem filesystems support files with sizes bigger than a 
terabyte. 

Lastly, SQLite does not support replicatian-you can backup 
a database by simply copying Lhe database file! 

Hie advantages of SQLite are the following: 

It has great performance. 

It is reliable. 

It is portable. 

It is self-contained (the main reason that it was embedded 
for iOS). 

If has a small runtime footprint - small size as well as 
small memory usage. 

You do not need a GUI to use it. 

You do not need to setup/start a server process to use 
SQLite. 

Supports the query languages features of the SQL92 
standard. 

Using the SQLite DB from the 
Terminal 

First of all, let me tell you the reason you need to learn how 
to use SQLite from the Mac OS X command line: you can easily 


create a database and copy it inside an iPhone Xcode project in 
order to use it from your iPhone application! 

The simple database that you are going to create in this 
section is going to l>e used in the forthcoming sections of this 
article. 

The following are the most important operations that you 
should know when using an SQLite database. 

Creating a database 

The following command will create a new database (by 

simply creating a new file) if the file does not already exist: 

$ sqliteS testSQLite.db 

SQLite version 3.7.3 

Enter ".help" for instructions 

Enter SQL statements terminated with a H ;* 

Deleting a database 

In order to delete a database, you only have to delete the 
relevant file. In our case the following command will l>e enough: 

$ ra testSQLlte.db 

Creating a table 

After creating a database and running the sqliteS command, 
you will have to type the following in order to create a new table 
called test. 

sqlite) create TABLE “test* ( "Name 4 ’ TEXT, “Surname" TEXT): 

The simple table called test has two fields called Name and 
Surname , both of them having die TEXT type. 

Inserting data into a table 

The following three commands insert three entries into our 
test table. 

sqlite) INSERT INTO test ("Name", “Surname") 

VALUES [“Mihails", “Tsoukalos*): 

sqlite) INSERT INTO test ("Name", "Surname*) 

VALUES ("MacTech" , "Magazine"); 

sqlite) INSERT INTO test (“Name”, "Surname'’) 

VALUES (“Edward*, "Marezak") ; 

Displaying the data of a table 

The following command will display die data that the test 
table lias. 
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sqlite> select * from test: 

Mihalis Tsoukalos 
MacTech Magazine 
Edward |Marcsak 

Please consult the Web Links and Bibliography section of 
this article for more resources about both SQlite3 and the SQL 
language. 

Programming the SQLite DB Using 
Objective-C 

First of all, forget the title of this section! The truth is that 
you will need some C (because SQLite’s API is written in C) to 
program the SQLite DB. 

The critical side effect of this fact is that you will not be 
able to use NSString objects (that are needed for iPhone 
programming) to pass data to the SQLite DB because C knows 
nothing about NSString objects! 

So, you will have to wrap C code inside your Objective-C 
code that is required to “manually” convert your C strings (that 
are actually C character pointers (char *)) into Objective-C 
NSString objects and vice versa in order to exchange 
information between the two programming languages. In order 
to convert a NSString object into a C string, you need to use the 
VTFSString method of the NSString class and the 
initWithUTFSString method in order to do the reverse thing. 

The example code is the following: 

#import <Foundation/Foundation.h> 

Jfimport <sqlite3.h> 


// Programmer: Mihalis Tsoukalos 
H Date; Monday 25 October 2010 

a 

// This is an example program of using 
H SQLite using Objective-C 
It 

// Compile it with the following command: 

// 

If gcc -framework Foundation SQLiteExample.ra -a 
SQLiteExample -lsqlite3 
It 

int main (int argc. const char * argv[]) 

[ 

NSAutoreleaseFool * pool = [ [NSAutoreleasePool alloc] 
init]; 

sqlitel ‘database; 
sqlite3_stmt ‘statement; 

MSString ‘filePath = @”testSQLite.dh“; 

// A File Manager for file operations 
NSFileManager *fm = [NSFileManager defaultManager] ; 


// Check if the database file already exists 
BOOL exists = [fm fileExistsAtPath:filePath] ; 

if (exists) 

NSLog(@"Database file existsU); 
else 
f 

MSLog(@”Database file does not exist. Quitlng*.."); 
return 1; 

1 
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const char *cfilePath = [filePath 
cStrlngUsingEncodlnsrNSUTFBStringEncoding]; 

If ( sqlite3_open(cfileFath, ^database) !- SQLITE_OK } 

I 

NSLog(ft"Cannot open database! 1 *): 

MSLog[@"Quiting.,3); 
return 2: 

} 

else 

NSLog(@ ,p Database %@ opened!**, filePath); 

ff The cStatement has to be converted 
// into a sqlite3_stmt, 

const char ‘cStatement = "SELECT * FROM test": 

if (sqlite3_prepare(database, cStatement, -1* ^statement* 
MULL) 1“ SQLITE.OK) 

[ 

NSLog(@ M Errm: preparing %s rt . cStatenrent): 

NSLog(@ # Quiting..*; 
return 3; 

) 

while (sqlite3_step(statement) = 3QLITEJRGW) 

I 

! f Read a C string 
const char *cName = (const char *) 
sqlite3_column_text(statement. 0): 

// Convert it to NSString 
NSString ‘name = [[[NSString alloc] 
initWithUTFSString;cName] autorelease]; 

If Read a C string 

const char “cSurnarae = (const char *) 
sqlite3_colutan_text [statement, 1} ; 
ff Convert it to NSString 
NSString 'surname = [[[NSString alloc] 
initWithUTFBSt ring:c Surname1 
antoreleaae]; 

// And now, lets display the data 

NSLog(@ M name = %@ and surname = %ft", name, surname); 

1 

ff Clear the query results 
sqlite3_reset(statement); 
s qlite3_f inalize(statement); 

ff Now close the database 
sqllte3_close(database); 

[pool release]; 
return 0; 


As I say inside the objective-C code, in order to compile it 
you need to run the following command from the Terminal 
application: 

$ gcc -framework Foundation SQLiteExample.m -q SQLiteExample 
-lsqlite3 

The -IsqliteS parameter tells the gcc compiler to link the 
sqlite3 library when compiling the Objective-C code. 

The -framework Foundation parameter tells the gcc 
compiler that the code to be compiled is written in die 
Objective-C programming language and therefore needs to be 
linked with the Foundation Objective-C library*, 

So, if you run the executable (that will be called 
SQLiteExample because of the -o parameter) you will see the 


foilowing (depending on the data that you put inside the test 
table); 

201041-13 21:09:17.327 SQUteExample[79781:903] Database file exists! 
2010-1 M3 21:09:17331 5QUteExampM79781:903l Database 
testSQLite.db opened! 

2010-11-13 21:09:17331 SQUteExample[79781:903J name = Mihalis and 
surname = Tsoukalos 

2010-11-13 21:0947332 SQLiteExampk[79781:9031 name = MacTech 
and surname = Magazine 

2010-11-13 21:09:17332 SQLiteExampiej79781:903] name = Edward 
and surname = Marczak 

The sqtite3JlnaIizeQ routine destroys a prepared 
statement created by a prior call to sqliteS,_prepare()< Every 
prepared statement must be destroyed using a call to this 
routine in order to avoid memory leaks. If you do not execute 
the sqliteJtnafizeQ routine you will get the "unable to close 
due to unfinalised statements” error. 

Using the SQLite DB from the 
iPhone 

The fist thing that you need to do is to manually create an 
SQLite database file using the Terminal application. 

Then, you need to copy that file into the Resources of the 
application. 

Please do not forget to save a copy of the database file if 
case you want to edit it later, 

Last f you will need to add the libsqlite3.dylib file to 
your project. The libsqlite3 .dylib file is a link that points 
to the latest version of the SQLite3 library. If you do not add the 
libsqlite3.dylib file then you will see an image with 
error messages similar to Figure 1 and the compilation process 
(actually the linking pan of it) will fail. 
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Figure 1: Compiling without linking to the SQLite library 


M/C1KH 


The SQLiti DB and iOS 83 














The process to add a library is the same as adding a 
Framework and is as follows. In Xcode: 

Select u Frameworks" from die u Group & Files” pane and 
right click on it. 

From there, select “Add" and then “Existing f rameworks ,.. 11 
From the really big list (figure 2X select libsqlitejxlylib 
(which is the same as selecting libsqlited.O.dylib) and click add. 
Build and Run your project! 



Figure 2: Adding the libsqiiteJ.dylib library 


An iPhone application that uses 
SQLite 

This is the interesting part of the article where we stop 
talking theoretically and start doing some practical things. You 
are going to make a complete iPhone application that uses 
SQLite, Xcode will he used for writing and compiling the 
application. 

Also, if you want to run the application using your iPhone 
and not the iPhone Simulator, you will need to go to the iOS 
Dev Center and enroll to the iOS Developer Program. I am 
currently using iOS 4.2.1 on my iPhone 4. 

The iPhone application that this article is going to program 
will display the contents of the lest table (created in a previous 
section of this article). You can download all the classes from 
Ftp;//ftp. mactech .com. 

First of all, create a new iPhone project from the existing 
Application templates. Choose “Navigation-based Application" 
as you can see in figure 3- The name of the application will be 

DBapp 



Figure 3: Creating a new Navigation-based Application 

In order to be able to re-use some of the presented code 
in other projects, a separate class that deals with the SQLite 
database access will be introduced. The class will be called 
DBObjed and will be implemented in two separate files, the 
DBObjecth file that contained the class declaration and the 
DBOject,m file that contains the class implementation that is a 
standard Objective-C practice. 

In order to include the DBOject class in your project, you 
will have to go to “File"'->"New File" and then select *Objeetive- 
C Class* from the “Cocoa Touch Class’ 1 group. 

The DBObjecth file is straightforward; it has one variable 
that holds the database connection and three class methods that 
are going to be implemented in the DBOject. m file, 

You should always check the for the SQUTEJOK return 
value to make sure that everything worked successfully. If there 
is an error, you can show it as in the following piece of code: 

if (aqlite3_close (database) i= 5QLTTEJ3K) 

I 

NSLog(©"Error; failed to close database: ' Xs’/U 
sqlite3„errmsg(database)): 

else 

t 

NSLog{@"Database connection successfully closed"): 

1 

The in it function is automatically executed from the 
Root ViewControLm file using the following line of code: 

DBObject ’database = [[DBObject alloc] Inlt]; 

The init function opens the database connection and then 
fetches the data using the next line of code: 

self.data = [database getData]: 

You can also use the following way in order to convert an 
NSString into a C string: 
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NSMut abIeArcay * d at a; 


const char *cfileFath = [dbfileSQ 
cStringUsingEncodin g: NSUTESStringEneodingl; 

The cStringUsingEncoding method of the NSString class 
returns a C string using a given encoding. 

You also need to add the SQLite database file—named 
testSQLitexlb —to your Xcode project* You should right-dick die 
Resources folder and select 1 Add" and then '‘Existing Files”, You 
will then select the file and after than you will a figure similar 
to Figure 4 r Please make sure that “Copy items into destination 
group's folder (if needed)* is selected. 



Figure 4: Inserting the database file to your Xcode project 


You Will also need to create anodier class that will hold die 
data of each table row, l called it person and it has two 
members {name and surname). You will need to create its two 
files, the include file (person t b) and the implementation file 
(pmon.m). 

If you want to create your own iOS application you will 
need to adjust the person class (or even change its name!) in 
order to contain the fields that match your needs and your 
database tables. 

Also, you should alter the RootViewControllenh and 
RootViewControllermi files. Their full contents are the 
following: 

// 

/ i RootViewControllenh 

// DBapp 

if 

// Created by Mihalis Tsoukalos on 15/11/2010. 

// Copyright 2010 yourCompany. All rights reserved, 

// 

//import <UIKit/UIKit.h> 

tfimport “DBObjecth* 

# import “person^" 

^interface RootViewController : UITableViewController 

I 


1 

^property (retain, nonatomic) NSMutableArray *data; 

@end 

The contents of the RootViewControLh file are simplistic 
whereas the altered RootViewControljn file is more 
complicated. Nevertheless note that most of its code is 
automatically created by Xcode. The added code is in bold 
typeface* 

// 

/ / RootVie wController. m 

/ / DBapp 

// 

// Created by Mihalis Tsoukalos on 15/11/2010. 

// Copyright 2010 yourCampany. All rights reserved. 

// 

//import "RootViewController, h H 


implementation RootViewCont roller 

// This completes the ©property command 
// from the RootViewControlIenh file 
©synthesize data; 

//pragma mark - 

//pragma mark View lifecycle 

* (void]viewDidLoad 
I 

[super viewDidLoad]; 

// Uncomment the following line to display an Edit 
button in the navigation bar for this view controller. 

// self .navigation! tem. right BarBuTtonltem = 
self.editButtonltem; 

DBObject * database = [ [DBObject alloc] init]; 
self, data = [database getData]; 

[database closeDBCormection]; 

[database release]; 

1 


//pragma mark - 

//pragma mark Table view data source 

// Customize the number of sections in the table view. 
- (NSInteger JnumberOfSectionsInTahleView: (UITableViey 
*)tableView [ 
return 1; 

) 


// Customize the number of rows in the table view* 
- (NSlnteger)tableView:(UITableView *)tableView 
numberOfRowsInSection:(NSlnteger)section 
I 

return [self.data count]; 

I 


// Customise the appearance of table view cells. 

(UITab1eViewCe11 *)tableView:(UITableView *)tab!eView 
celIforRowAtIndexPath:(NSIndexFa th "JindexFath ! 
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static NSString, *CellIdentifier = @ M Cell”: 

UITableVlewCell -cell = [tubleView 
dequeueReusableCell¥ithIdentlfier;CellIdentifier] : 
if (cell = nil) [ 

cell 11 [[[UXTableViewGell alloc] 
init WithS t y1e:UITab1eVievC e11St y1eE efauit 
reuseldentifiertCellldentifier] autorelease]: 

] 

// Configure the cell. 

person” myPerson = [self.data ohjectAtlndex:[mdexPath row]]; 
cell.textLabeltext - myPerson,surname; 

return cell: 

1 

//pragma mark - 

$pragma mark Table view delegate 

- (void)tableView:(UITableView -JtableViev 

didSelectRowAtlndexPath;(NSIndexPath DindexPath { 

/* 

<#DetailViewController#> 4 detailViewController = 

[ I<#DetailViewController#> alloc] initWithllibNaine 4 .@”<#Nib 
name//)” bundle:nil]; 

// ... 

// Pass the selected object to the new view 
controller. 

[self,navigarionController 

pushViewController:detailViewController animated:YES]: 
[detailViewCantroller release]: 

*/ 

1 

//pragma mark ■ 

//pragma mark Memory management 

- (void)didReceiveMemoryWarning ( 

if Releases the view if it doesn't have a superview, 
[super didReceiveMemoryW&rning]; 

// Relinquish ownership any cached data, images f etc 
that aren't in use. 

] 

- (void)viewDidUnload I 

// Relinquish ownership of anything that can be 
recreated in viewDidLoad or on demand. 

// For example: self,myQutlet “ nil: 

] 


- (void)deallac 
{ 

[super dealloc]: 


@end 

If you have no typos, then by compiling and running the 
application you will see Figure 5. 

Also, the application only displays the surname column 
from the test table. This is done by using die following code: 

cell.textLabel.text - myPeraon.surname: 



IsGukaloe 

Magazine 

Macczak 



Figure 5: The DBApp is running! 


You can further change the look of the application by 
customizing the lUTabkVieui 

Summary 

The simple application that was programmed in this article 
is a complete example of an iPhone application that uses the 
SQLite3 database. 

Its output is minimal but the presented code fully shows 
the use of SQLite3 using Objective-C and Xcode. 

SQLite3 is very efficient, uses SQL which is the standard 
language for creating, querying and changing databases and is 
embedded in every iPhone and iPad, What else can you ask? 
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Learning SQL by Alain Beaulieu, O'Reilly, 2009 
SQLite Manager plug-in for Fj refox, 

http://code.google.com/p/sqlii^monager/ 
iPhone Programming: The Big Nerd Ranch Guide by Joe 
Conway & Aaron Htllegass, Big Nerd Ranch, 2010 
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Supporting laptops in a managed environment is tricky 
(and doubly so if you allow them to be taken off your 
corporate network). While you can be reasonably assured that 
your desktops will remain on and connected during the 
workday, it's not uncommon for laptops to go to sleep, change 
wireless access points, and even change between an Ethernet 
or AirPort connection several times during the day. It's 
important to have a tool that can “tweak" certain settings in 
response to these changes. This is where crankd comes in. 

Crankd is a cool utility that's part of the Pymacadmin 
(http://code.google.eom/p/pynnocadmm/) suite of tools, co- 
authored by Chris Adams and Nigel Kersten. Specifically, 
crankd is a Python daemon that lets you trigger shell scripts, 
or execute Python methods, based upon state changes in 
SystemConfiguration, NSWorkspace and FSEvents. It's easier 
to see how crankd can help you by providing a couple of 
scenarios: 

Use Cases 

1. Your laptops, like all of the other machines in your 
organization, are bound to your corporate LDAP servers. 
When they're on-network, they will query the LDAP 
servers for things like authentication information. Unless 
your corporate LDAP directory is accessible outside your 
corporate network, your laptops may exhibit the “spinning 
wheel of death” when they attempt to contact a suddenly- 
unreachable LDAP directory at the neighborhood 
Starbucks. A solution to this is to remove the LDAP servers 
from your Search (and Contacts) path w henever the laptop 
is taken off-network and add the LDAP servers when you 
come back on-network. 

2. Perhaps you're using Puppet, Munki, Chef, StarDeploy, 
File wave, Absolute Manage, Casper, or any other 
configuration management system that needs to contact a 
centralized server for configuration information. Usually 
these tools will have your machine contact their servers 
once an hour or so, but this can be a problem if the 
machine is constantly sleeping and waking (such as 
Laptop Cart Labs or demonstration machines). Plus, if you 
take your machine off-network, you don't tvant it trying to 
contact a server that might not be reachable from the 
outside world. It would be nice to have your laptop 


“phone home” when it establishes a network connection 
on your corporate network and skip this step when the 
laptop is taken outside your organization. 

3- OS X allows you to set a preferred order for your network 
connections, but it would be nice to disable the AirPort 
when your laptop establishes an Ethernet connection on 
your corporate network. 

4. Finally, maybe you have the need to perform an action 
whenever your laptop sleeps (or w^akes), changes a 
network connection, mounts a volume, or runs a specific 
Application (whether it ? s located in the Applications 
directory or anywhere else on your machine). 

All of these situations can be made trivial through the help of 
crankd. 

How do I get it working? 

Crankd is a daemon, so its running in the background 
while you w r ork. It uses an XML plist file that lists the scripts 
(or Python methods) that crankd should execute in response 
to specific state changes (like a network connection going up 
or down or a volume being mounted). Since it's a small 
Python library, the files aren’t huge and the entire finished 
installation is around 100 Kb (or larger with your custom 
code/scripts). Let's download crankd and experiment with its 
settings: 

1. Download the Pymacadmin source. You can do this 

through Google Code or Github - I recommend Lhe Github 
method as it seems to currently be a newer version. You 
have two choices for downloading the source code: you 
can either navigate to 

hkp://github.com/acdha/pymacadfnin T click the Downloads 
button, download either the .tar.gz or the .zip version of 
the source code and double-click on the file to expand it 
( which should open a folder named acdha-pymacadmin- 
ccombination of 7 numbers and leiters>), or you could use 
git to check out a version of the Pymacadmin repository 
with the git checkout 

https://github.com/acdha/pymacadmin*git 
pymacadmin command (Do note that git needs to be 
installed on your computer as it doesn't come natively 
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with OS X. There is a Mac installer that can be downloaded 
from http://code.google.eom/p/git-osx-instoller/ ). 

2. Install crankd. Upon opening the pymacadmin Folder, you 

should see a series of folders, readme files, and an 
install-crankd, sh installation script. Let's open 
Terminal app and navigate to the pymacadmin folder that 
we expanded on our desktop (you can type cd into 
Terminal app and then drag and drop the folder into the 
Terminal window. Hit the Return button on your keyboard 
to change to the directory). The install-erankd. sh 
script is executable, so run it by typing sudo 
. /install-crankd. sh into the Terminal window and 
hitting Return, Enter your password when it prompts you. 

3, Setup a plist file for crankd, Crankd uses an XML 
configuration plist to determine which state changes to 
monitor and which scripts or Python methods to execute 
in response to these state changes. If you've never worked 
with crankd before, it’s best to let it create a sample 
configuration plist for you. If you don't specify a 
configuration plist with the —config argument, or you 
don't have a com.googlecode.pymaeadmin,crankd,plist file 
in your /Users/<username>/Library/Preferences folder, 
crankd will automatically create this sample plist for you. 
Let's do that by typing sudo 
/usr/local/sbin/crankd.py into Terminal and 
hitting the Return burton. Take a look at the sample 
configuration plist file it will create (located in your 
/Users/<usemame>/Library/Preferences folder) : 

com t goQglecode.pymmadmin.crankd.pii$t 

<?xml version”"1.0" encoding="UTF-8"7> 

< ! DOCTYFE pHst PUBLIC *-//Apple Computer//DTD PLIST 
1.0 // EtT "http://vwv.apple.com/DTDs/PropertyList-1.O.dtd") 
(plist version-"!.0"> 

(diet) 

(key)NSWo rkspace(/key) 

(diet) 

(key>NSWorkspaceDidMouatNotification</key> 

(diet) 

<key>comniand</key> 

(string)/bin/echo "A new volume was 
mounted]"(/string) 

(/diet) 

<key>NSWotkspaceDidWakeNotification</key> 

(diet) 

<key>command(/key) 

(string)/bin/echo "The system woke from 
sleepl"(/string) 

(/diet) 

<key>MSWorkspaceWillSleepNotification</key> 

(diet) 

<key)command</key> 

<string>/bin/echo “The system is about to 
sleep I"(/string) 

(/diet) 

(/diet) 

<key>SystemConfiguration</key> 

(diet) 

(key)State:/Network/Global/IFv4</key> 

(diet) 

<key>command</key> 

(string>/bxn/echo "Global IPv4 config 
changed*(/string) 

</dict> 

(/diet) 


(/diet) 

(/plist) 

This XML file has two main keys - one for NSWorkspace 
events (such as mounting volumes and sleeping/waking 
your laptop), and one for SystemConfiguration events 
(such as network state changes) followed by a key for the 
specific event that we're monitoring, a key specifying 
whether well be executing a command or a Python 
method in response to this event, and a string (or an array 
of strings, as well see later) specifying the actual command 
that's to be executed. For all of the events in the sample 
plist, we're going to be echoing a message to the console. 
4. Start crankd. Once crankd has been installed and your 
configuration plist file is setup, you’re ready to let crankd 
monitor for state changes. Let’s start crankd with the 
sample plist that was created in the previous step by 
executing sudo /usr/local/sbin/crankd.py - 
config-/Users/<username>/LibrarY/Preferenc 
es/com-googlecode.pymacadmin.crankd.plist 
in Terminal Remember to substitute your username for 
<username> in that command (if you don’t know your 
username, you can type whoami into Terminal and hit the 
Return button). If everything was executed correctly, you 
should see the following lines displayed in Terminal: 

Module directory /Users/<usernaine>/Libtary/AppIication 
Suppoct/crankd does nDt exist: Python handlers will need to 
use absolute pathnames 

INFO: Loading configuration from 
/Users/(username)/Library/Preferences/com,googlecode.pynaca 
dmin,crankd.plist 

INFO: Listening for these NSWorkspace notifications: 
NSWorkspaceWillSleepNotification, 

NSWorkspaceDidWakeNotification. 
NSWorkspaeeDidMountNotification 

INFO: Listening for these SystemConfiguration events: 
State:/Network/Global/lPv4 

It might look like Terminal isn’t doing anything, but in 
actuality crankd is listening for changes. You can make 
crankd come to life by either connecting to (or 
disconnecting from) an Airport network, sleeping/waking 
your machine, or mounting a volume (by inserting a USB 
memory' stick, for example). Performing any of these 
actions will cause crankd to echo messages to your 
Terminal window. Here's the message 1 received when 1 
disconnected from an Airport network: 

INFO: SystemConfiguration: State:/Network/Global/lPv4: 
executing /bin/echo "Global IPv4 config changed" 

Global IPv4 config changed 

To quit this sample configuration of crankd, simply hold 
dowm the control button on your keyboard and press the 
V key. Congratulations, crankd is now' up and running! 

A more complex example 

Let’s look at a scenario that is close to my heart. I run 
Puppet (http ://www. puppetlabs.com/puppet) to manage all of 
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our district's server, desktop, and laptop machines, and I 
would like to call Puppet anytime a laptop establishes a 
network connection inside our corporate network. This 
example will show how a Python method can be executed in 
response to a network state change. There are 3 main parts to 
my solution: 

A crankd plist file that specifies which state changes weTe 
monitoring and which Python methods to execute in 
response to those state changes. 

Python code to execute in response to the network state 
change, 

A launchd plist that will keep crankd running. 

The crankd Plist File 

We need to generate a plist file to identify which state 
change weTe monitoring and exactly what action we should 
take when this state change occurs, 1 would recommend 
monitoring the State:/Network/Global/IPv4 System 
Configuration state - this covers any IPv4 interface on your 
system. You COULD monitor each BSD interface separately 
(with the State:/Netw^ork/Interface/enO/lPv4 and 
State:/Network/Interface/enO/lPv4 keys), but you would then 
need logic to determine which BSD interface (such as enO and 
enl) corresponds to each network interface (such as Ethernet 
or AirPort), The entire plist file should look like this: 

crankd-config.plist 

<?xml version="l ,0" encoding- p tJTF-3*? > 

< t DOC TYPE plist PUBLIC H ‘ - / / Apple / / DTD PLIST 1.0//EH” 

"http;//ww. apple, com/DTDs/PropertyListT, thdtd") 

<plist version^"!.Q"> 

(diet) 

<key>SysteDiConfiguration</key> 

<dict> 

<key)State:/Network/Global/IPv4C/key) 

<dict> 

<key>wethod{/key> 

^artay) 

^string)CrankTools</string) 
<string>onHetworkChange</string) 

</array) 

</dict> 

</dict> 

</dict> 

</plist) 

The main difference between this plist file and the 
automatically-generated crankd plist file is that weTe not 
executing a script in response to the 
State;/Network/Global/IPv4 state change. Instead, we’re using 
the method key which tells crankd that weTe going to be 
executing a Python method. The next two string values are the 
specific Python class and method that should be executed in 
response to this state change. Finally, let's name this file 
crankd-config.plist and place it into the /Library/Preferences 
folder (NOT the /Users/cusername/Library/Preferences 
folder). 


The CrankTools Python Class 

The CrankTools class will be where all the Python magic 
happens. This class wall contain code to check if the laptop is 
on or off-network, code to call Puppet, and the specific 
method that will be called from crankd. It's VERY 
IMPORTANT that the name of the file matches the ciassname 
that was used in the crankd-config.plist file (this must match 
down to spelling and case). Because we specified CrankTools 
in the crankd-config.plist, the file must be called 
CrankTools.py, The method name is equally as important as 
the class name. Make sure that an onNetworkChange 
method exists in your CrankTools class (and that its spelling 
and case match with the crankd-config.plist file). When your 
Python class file is complete, make sure to save this file into 
the /Library/Application Support/crankd/ folder. 

The first method, called onNetworkChange, will either 
call the executePuppet method if it's determined that weTe 
on our corporate network (via the onTheNetwork method), 
or do nothing (if weTe off-network). You can add complexity 
as you become more comfortable, but for now weTe keeping 
it simple to demonstrate the process. 

The onTheNetwork method is going to be specific for 
every environment. Only you will know the best way to 
determine whether you're on your corporate network. For tins 
demonstration, Fm going to use the /usr/shin/scutil —r 
<hostname> command to try and access a machine that's 
only accessible when Fm on my corporate network. 

Finally, the executePuppet method is going to call a 
Puppet wrapper-script (/usr/bin/puppetd.rb) because Puppet 
has its own complexities and checks. 

Here is what my CrankTools.py file looks like: 

CrankTools.py 

._author_ = 'Gary Larizza (gary@huronhs.com) 1 

_version_ = 'Chi' 

import syslog 
import subprocess 

syslog,openlog(“CrankD") 

_PUPPETD = 1 /uar/bin/puppetd.rb' 

_SCUTIL = '/usr/sbin/scutil -r odm.huronhs.com' 

class CrankTools!): 

def onNetworkChange(self, *args. **kwargs): 

“‘ ‘Triggered when a H St;Lte:/Network/Globul/IPv4'' change 

occurs. 

it M M- 

if self .onTheHetworkO : 
self.executePuppet{) 

def executePuppet(self): 

“"“Simple utility function that calls puppet via subprocess. 
The _PUPPETD variable is set globally and corresponds to 
my puppet wrapper script. 

Arguments: None 
Returns: Nothing 

utflte 

flyslog,syslog(syslog. LOG_AIiERI, “Performing a Puppet 
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Run, H ) 


command - [_PUPPETDj 
task = subprocess.Popen[command. 

5tdout=subprQ.cess, PIPE, stderr = subprGcess,PIPE} 
task,communicate(} 

def onTheNetwork(self): 

""“This function will check to see if we are on our 
corporate network. 

Arguments: None 
Returns: 

Either True or a blank string depending on if we locate 
the desired host. 

U»4( 

command = subproceas, Popen(_SCUTIL t shallKETue, 
stdout=subprocess.PIPEJ 
netcheck = 

command.communicate[)[0] ,rstrip[), split(" , H ) 

for status in netcheck: 

if status = H Reachable': 

syslog. syslog{syslog.LOG_ALERT. “We are on- 

network . ”) 

return "true" 

syslog, syslog(syslog.LOG„ALERT, “We are off- 
network, ") 

return 


A Launchd Plist 

To stan crankd whenever the computer is turned on (and 
to run it as the root user), we're going to be using a launchd 
plist file that's put into /labrary/LaunchDaemons, Launchd 
plists are fairly easy to setup - take a look at this sample file: 

co m .googlecode. era nkd.plist 

<?xml version^* 1.0" encoding^ K UTF-8 lh ?> 

(IDGCTYFE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN" 

"http : //uw.apple .com/DTDs/PropertyList-1,0 .dtd"> 

<plist version 3 "1*0") 

<dict> 

<key>KeepAlive</key> 

(true/) 

<key>Label</key> 

<string>com,googlecode,crankd.plist <7 string) 
<key>ProgramArguments</key> 

(array) 

<string>/nsr/local/sbin/crankd,py</string> 
(string)—config=/Library/Preferences/crankd- 
conflg.plist</string) 

(/array) 

(key)RunAtLoad <7 key> 

(true/) 

(/diet) 

(/plist) 

If we deconstruct this plist file, we can see that it's 
running the command /us r / local/sbin/crankd .py 
-config=/Library/Preferences/crankd- 
config.plist whenever the computer is started. If the 
command is ever stopped (whether killed from the command 
line or via Activity Monitor), launchd will fire off another 
instance immediately (as long as this launchd plist is active). 
MAKE SURE that you've tested out your crankd setup before 
you start this launchd plist. If your crankd .setup has any 
errors, launchd will continually restart crankd,py until you 


unload the launchd plist (you can load or unload launchd 
plists with the command sudo /bin/launched: 1 load 
/Library/LaunchDaemons/<name of your launchd 
plist file> - just substitute unload for load if you want to 
unload the plist). 

Testing crankd 

Now comes the time to test your crankd setup. There are 
MANY things that can go wrong (errors in your Python code, 
typos in your configuration plist files, logic errors, etc...), so 
it's very important to test crankd with EVERY possible state 
change you're monitoring. Just open a Terminal window and 
execute sudo /usr/local/sbin/erankd.py — 
config=/Library/Preferences/crankd* 
con fig. plist to test crankd from the command line. A 
GREAT feature of crankd.py is that it will reload itself any 
time a configuration file or monitored script/Python method is 
changed. This means that you don’t have to kill and relaunch 
crankd.py every time you make a change to your 
CrankTools.py file (for instance). If you're running crankd,py 
from the command line, you can always use the print 
command in your Python code to debug sections of your code 
that might be causing errors. I highly recommend waiting to 
the system log any time your Python code is making changes 
to the system. Not only will you be able to track changes 
centrally if you aggregate your log data, but you'll be able to 
trace back logic errors in your system logs. 

Where to go for help 

Crankd is a part of the Pymacadmin suite of system tools. 
Pymacadmin maintains its own google group at 
http://groups.goog le.com/groLrp/ pymacadmin - so feel free to 
post questions for the good of the order. My personal blog 
(http://giorizza.posterous.cQm) has a couple of entries on 
crankd, and you’re welcome to check my Puppet repository 
on Github for the exact crankd code that 1 use on my 
machines (https://github.com/huronschools/HuromCity-Schools- 
PuppePRepository/tree/master/fiies/cronkd), Good luck and get 
crankingl 
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VMware View 
Client for iPad 

Windows on iOS—to go! 

by Dennis Sellers 


VMware r s VMware View Client for iPad 
l http://www.vnnware.com/products/view) enables users of the 
Apple tablet to access iheir virtual Windows desktops, 
applications and data from just about anywhere. It’s 
available for free at the Apple 
App Store and is optimized for 
the iPad’s high-resolution Multi- 
Touch display 

VMware View Client for 
iPad makes it easy to access 
your Windows virtual desktop 
from your iPad on the Local 
Area Network (LAN) or across a 
Wide Area Network (WAN). 

Since desktops are tied to users 
and not devices, desktops 
"follow” the user from device to 
device. 

The new VMware View 
Client is the first iPad app to 
deliver Windows-based virtual 
desktops while taking 
advantage of the PC-over-IP 
(PColP) display protocol. On 
LAN or WAN connections, VMware View with 
PColP delivers a high performance desktop experience, 
even over high latency and low-bandwidth connections. 

Custom gestures on the new VMware View Client 
enable navigation around the virtual desktop by taking 
advantage of iPad’s Multi-Touch display. An on-screen track 
pad lets users leverage a more traditional mouse interface 
with the iPad’s keyboard for text input. 

VMware View offers Security Server support for PColP 
allows for a secure remote connection and authentication to 
a user’s Windows desktop over WiFi or 3G ne works. The 
ability to select and connect to a list of recently connected 
desktops simplifies reconnection. 

Support for the iPad Keyboard Dock and Bluetooth 
keyboards lets you input text with a physical, rather than 
virtual, keyboard, when you wish. The iPad VGA connector 


allows you to connect to an external monitor. VMware View 
Client for iPad supports SOS 4,2 and iOS 4.3. 

Serving families in Southern California, Childrens 
Hospital Central California recently deployed VMware View 
- a Windows compatible, client desktop product that 
provides remote desktop capabilities to users using 
VMware’s virtualization technology — to provide “Follow- 
me Desktops” that move from room-to-room with clinicians 
and staff as they treat their patients. The hospital has plans 
to deploy the VMware View Client for iPad. 

The iPad could fundamentally change the way our 
clinicians and staff approach their IT needs,” says Kirk 
Larson, chief information officer, Children’s Hospital Central 
California. “Now with VMware View Client for iPad, our 
caregivers can have the freedom to access a patient’s 
electronic medical records anywhere in the hospital via an 
iPad on a secure VMware View desktop. This could not only 

improve patient care but may 
enable us to dramatically 
reduce costs and simplify 
device management.” 

VMware View includes, 
and is tightly integrated with, 
VMware vSphere, a 
virtualization platform, tt’s 
designed to allow users to 
simultaneously power on 
thousands of desktops 
without performance 

degradation, and extend 
business continuity and 
disaster recovery features 
from VMware vSphere to your 
desktops. You can use 
VMware View to, among other 
things, deliver desktops to 
remote and branch offices to 
accelerate provisioning while retaining control 

Desktop and application virtualization breaks the 
bonds between the operating system, applications, user data 
and hardware, eliminating the need to install or manage 
desktop environments on end-user devices. From a central 
location you can deliver, manage and update all of your 
Windows desktops and applications. 

VMware ThinApp application virtualization separates 
applications from underlying operating systems. 
Applications packaged with VMware ThinApp can be run in 
the datacenter where they are accessible through a shortcut 
on the virtual desktop, reducing the size of the desktop 
image and minimizing storage needs. 

Since VMware ThinApp isolates and virtualizes 
applications, multiple applications or multiple versions of 
the same applications can run on the virtual desktops 
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Using Windows on the iPad presents some new challenges. 

without conflict, Applications are assigned centrally through 
the View Manager, ensuring that all user desktops are up-to- 
date with the latest application versions, 

VMware View Manager provides a single management 
tool to provision new desktops or groups of desktops, and 
an interface for setting desktop policies. Using a template, 
you can customize virtual pools of desktops and set 
policies, such as how many virtual machines can be in a 
pool, or logoff parameters. 

Based on the Linked Clone technology, VMware View 
Composer lets users create desktop images from a golden 


image. (A linked clone is a copy of a virtual machine that 
continues to share the virtual disks of its parents but 
basically runs of a snapshot, which preserves the exact state 
of the virtual machine when you create the clone). Updates 
implemented on the parent image can be pushed out to any 
number of virtual desktop quickly. With the core 
components of the desktop being managed separately, the 
process doesn't affect user settings, data or applications. 

You can maintain control over data and intellectual 
property by keeping it secure in the datacenter, End users 
access their personalized desktop, complete with 
applications and data, securely from any location, at any 
time without jeopardizing corporate security policies. End- 
users outside of the corporate network can connect to their 
desktop securely through the VMware View Security Server. 

Integration with vShield Endpoint enables offloaded 
and centralized anti-virus and anti-malware (AV) solutions. 
VMware View also supports integration with RSA SeeurelD 
for 2-factor authentication requirements, 
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THE MACTECH SPOTLIGHT 


Justin 

Williams 


What's the coolest tech thing you've done using OS X? 

Building Elements, the first Dropbox powered text editor 
for iOS was pretty neat. It doesn’t seem like much now as there 
are so many different choices out there, but being first to 
market has some clear advantages and was a real boost to the 
nerd ego. 



SECOND GEAR 

http://www.secondgearsoftware.com 


Ever? 

Organizing and coordinating Indie+Relief in January of 
2010 was probably my greatest hit thus far. Indie+Relief 
(http://indierelief.com) was a 1 clay charity event where 
hundreds of Mac and iOS developers donated their sales to 
Haitian Relief charities in the wake of the earthquake that hit 
the area earlier that month. It was a lot of work, but raising 
over $144,000 is probably something I’ll never be 
able to do again. 


Where can we see a sample of 
your work? 

All of Second Gear's stuff is 
available on both the IOS and 
Mac App Stores. You can also see 
screenshots and other stuff at 
seco nd g eo rsoftwa re. com. 


The next way I'm going 
to impact the Apple 
universe: 

The Mac App Store Is 
changing the way the 
desktop software industry is 
shaped. It's evening the 
playing field between widely 
known consumer app markets 
and the less obscure, but 
incredibly useful apps, Eve found 
so many little utilities on the Mac App Store 
that have been out for years, but I'd never 
heard of before. Having all those apps in a 
central location right in my Dock is awesome. 


Anything else we should know? 

I tend to tweet quite a lot. Since 1 work alone at home, 
Twitter is my water cooler, i use the ©secondgear account to 
about our products and interact with customers and am often 
mistaken for a teen popstar on my personal account @justin. 


What do you do? 

Crew Chief, though I’m the only person on the crew so 
I guess 1 do everything. 


How long have you been doing what 
you do? 

I founded Second Gear the 
day after I graduated college in 
the spring of 2006. 


Are you Mac-only, or a 
multi-platform 
person? 

I use a Mac as my 
primary computer, but I 
switch between the 
iPhone, Windows Phone 
7, Android and webOS 
for my 

smartphone. Women have 
shoes. I have phones for every 
occasion. 


WTiat attracts you to working 
on the Mac? 

When ! started building apps for the 
Mac it was because 1 had just switched and 
wanted to scratch a few r itches of my own. Now that Pm 
several years in, all the improvements in the frameworks and 
tools make it hard for me to take other platforms 
seriously Apple really understands that good tools are the key 
to a successful platform. 


What's the coolest thing about the Mac? 

1 really like how most of the developers have taste. Great 
software on the Mac not only works great, but also looks 
great. 


What is the advice you'd give to someone trying to get 
into this line of work today? 

Just build something. Anything. Once you've polished it 
into a useful and good looking product, put it on die App Store 
and see if you can start building an audience. 




ll you or someone you know belongs m the MatTedt Spotlight let 
us know! Send details to etktorial@mtxiech.com 
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Mac shopping made easy. 

Grab that to-do list, and prepare for some one-stop shopping at 
Smalldog.com! 
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Bundles simplify the buying process 

Mac bundles (think Mac + RAM + AppleCare + external hard drive, etc.) 
not only include everything you need, but also save you money. 

Visit » SmalIdog.com/specials 


Macs from under $500 

We carry all current Macs as well as used, refurbished and closeout 
models, so there is a Mac for any budget. 

Visit » SmaIldog.com/macs 
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Free shipping over $200 

It’s true-we provide free, same-day ground shipping on every item over 
$200 every day. 




Tax-free shopping 

Purchases outside of Vermont are 
always shipped tax-free. 


Small Dog 

Electronics 

Atags Vjoux Glde 


www.smalldog.com 

800-511-MACS 

U Apple Specialist 


f 1 V MacPook Pro ♦ 
Chill Pill® mobile speakers 
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Celebrating 15 Years » 3rd Largest Apple Specialist in New England ■ 5-Star Merchant Rating • Same-day shipping 


Bundles T Macs Free Shipping T Tax-Free 
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